git.ipfire.org Git - thirdparty/haproxy.git/commit

author	Willy Tarreau <w@1wt.eu>
	Tue, 16 Jun 2020 15:14:33 +0000 (17:14 +0200)
committer	Willy Tarreau <w@1wt.eu>
	Tue, 16 Jun 2020 15:19:01 +0000 (17:19 +0200)
commit	32234e751320b60a3879f274d4a4753d7570e757
tree	ff83afbbb5a99e7bedf2c31336df475a60bf9974	tree \| snapshot
parent	9e1758efbd68c8b1d27e17e2abe4444e110f3ebe	commit \| diff

BUG/MEDIUM: cfgparse: stop after a reasonable amount of fatal error

One issue with the config parser is that while it tries to report as many
errors as possible at once, it's actually unbounded. Thus, when calling
haproxy on a wrong file, it can take ages to process, such as here on
half a gigabyte of map file instead of config file:

  $ time ./haproxy -c -f large.map 2>&1 |wc -l
  16777220

  real    0m31.324s
  user    0m22.595s
  sys     0m28.909s

This patch modifies readcfgfile() to stop reading the config file after a
reasonable amount of fatal errors. This threshold is set to 50, which seems
more than enough to spot a recurrent issue with a bit of context in a terminal
to address several issues at once, without filling logs nor taking time to
parse the file. The difference is clear now:

  $ time ./haproxy -c -f large.map 2>&1 |wc -l
  55

  real    0m0.005s
  user    0m0.004s
  sys     0m0.003s

This may be backported to older versions without causing too many
difficulties. However the patch will not apply as-is, it will require
to increment the "fatal" count for each place where ERR_FATAL is set
in the parsing loop.