[Bug Report]: Mardown image data URI extraction fails on large images due to regex match limits #2642

New Issue

OVERLORD · 2026-02-05T04:41:48+03:00

OVERLORD commented

2026-02-05 04:41:48 +03:00

Originally created by @ssddanbrown on GitHub (Feb 6, 2022).

Describe the Bug

Regex match limits cause large embedded image data uris, within markdown content, not to be extracted due to reaching the limits of PHP regex pattern matching.

Verified by attempting to upload 3MB of data uri, which triggered issue.
Adding the below, just before the regex ran, would then allow this 3MB file to work fine.

ini_set("pcre.backtrack_limit", "23001337");
ini_set("pcre.recursion_limit", "23001337");

Need to use a more efficient solution for parsing the image data uris.
Maybe a loop over strtok to with some simple tracking would be best.

Ideally needs a test to cover.

HTML unaffected due to using a parser instead of regex.

Regex location: 767a82fb41/app/Entities/Tools/PageContent.php (L116)

As reported by @SteveDinn here: https://github.com/BookStackApp/BookStack/issues/2898#issuecomment-1030747302

Originally created by @ssddanbrown on GitHub (Feb 6, 2022). ### Describe the Bug Regex match limits cause large embedded image data uris, within markdown content, not to be extracted due to reaching the limits of PHP regex pattern matching. Verified by attempting to upload 3MB of data uri, which triggered issue. Adding the below, just before the regex ran, would then allow this 3MB file to work fine. ```php ini_set("pcre.backtrack_limit", "23001337"); ini_set("pcre.recursion_limit", "23001337"); ``` Need to use a more efficient solution for parsing the image data uris. Maybe a loop over `strtok` to with some simple tracking would be best. Ideally needs a test to cover. HTML unaffected due to using a parser instead of regex. Regex location: https://github.com/BookStackApp/BookStack/blob/767a82fb41c978b3508d128d92e056236dbd90e4/app/Entities/Tools/PageContent.php#L116 As reported by @SteveDinn here: https://github.com/BookStackApp/BookStack/issues/2898#issuecomment-1030747302

OVERLORD added the 🐛 Bug label 2026-02-05 04:41:48 +03:00

OVERLORD closed this issue

2026-02-05 04:41:50 +03:00

OVERLORD commented

2026-02-05 04:41:53 +03:00

@ssddanbrown commented on GitHub (Feb 6, 2022):

Patched in d29a2a647a, to be part of the next patch release.

@ssddanbrown commented on GitHub (Feb 6, 2022): Patched in d29a2a647aba72044b14074873d1fa626116e031, to be part of the next patch release.

OVERLORD commented

2026-02-05 04:41:58 +03:00

@ssddanbrown commented on GitHub (Feb 6, 2022):

@SteveDinn if you were awaiting this, the patch release containing the fix has now been pushed: https://github.com/BookStackApp/BookStack/releases/tag/v21.12.5

@ssddanbrown commented on GitHub (Feb 6, 2022): @SteveDinn if you were awaiting this, the patch release containing the fix has now been pushed: https://github.com/BookStackApp/BookStack/releases/tag/v21.12.5

OVERLORD commented

2026-02-05 04:42:00 +03:00

@SteveDinn commented on GitHub (Feb 6, 2022):

Awesome, thanks!

@SteveDinn commented on GitHub (Feb 6, 2022): Awesome, thanks!

Sign in to join this conversation.

Branches Tags

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/BookStack#2642