[horde] CPU frying due to gigantic line in description field of a kronolith event

Luis Felipe Marzagao lfbm.andamentos at gmail.com
Sun Feb 7 21:59:13 UTC 2010 

Hello:

One of my users has pasted a gigantic line in the "description" filed on 
a Kronolith event.

This line is really large. It has about 16,000 characters and spaces 
between words.

It have put an example here: 
http://www.marzagao.adv.br/example/giantline.html

As you can see in the link, when you copy/paste the text, you'll notice 
it's everything in a single line.

The problem with that is when you load Kronolith (month view) with 
something like that in a event's description field, your server's 
processor goes up to the hights. It nearly fries. The month view takes 
about 1 minute to show up.

So I started getting this in my logs:

Feb  7 17:01:03 centos mcelog: Please check your system cooling. 
Performance will be impacted
Feb  7 18:18:22 centos kernel: CPU0: Temperature above threshold, cpu 
clock throttled
Feb  7 18:18:22 centos kernel: CPU1: Temperature above threshold, cpu 
clock throttled

I've made a performance profiling with apd in Views/Month.php and 
discovered the function "iconv_substr" was taking 99% of the time the 
script needed to run. The script run for about 1 minute (and during all 
that time the CPU usage was 120% and more, which is why I was getting 
the temperature messages in the logs).

Took me three days to find who the villain was, because at first I 
dind't know it was a single kronolith event causing all the trouble. It 
gets worse when the users has "horde" as the initial application, 
because the kronolith portal block is sufficient to make the process 
burn your CPU.

Eventually, I found this particular event and then inserted some 
"carriage returns" or "enters" at some points in that gigantic line, and 
then saved the kronolith event again.

The problem went away and the month view started to load normally, with 
no delays. No more high CPU temperatures and everything back to normal 
again.

So I guess it's a potential problem and maybe there should be a way to 
prevent a single gigantic line from being processed by the String class 
or by kronolith or even by any Horde app.

Unfortunately, I am not a PHP expert and I don't know where to start... 
Should the description field be character limited? Should horde 
internals detect a line bigger than X charecters is present and avoid 
processing it? Should horde insert carriage returns and thus break apart 
lines like that when you save the kronolith event?

For now I have solved the problem by manually editing that evil 
description field, but nothing assures another user won't do that again 
or even someone intentionally just to screw my server...

Any help is appreciated.

Thanks,
Luis Felipe

More information about the horde mailing list