Problem
The DeepPrefixChain adversarial test revealed that Aho-Corasick output link traversal is O(n × max_pattern_len) in the worst case. For example, 500 nested "a" patterns against 1000 'a's produces 375,250 matches. A crafted input could exploit this to stall the scan pipeline.
Context
Discovered during P1-T4 adversarial testing. The behavior is inherent to Aho-Corasick (not a bug), but a production scanner should bound the cost.
Proposed mitigations
Phase
Address during Phase 11 (Hardening) or as part of P1-T8 (scan pipeline integration).
Related
Problem
The
DeepPrefixChainadversarial test revealed that Aho-Corasick output link traversal is O(n × max_pattern_len) in the worst case. For example, 500 nested "a" patterns against 1000 'a's produces 375,250 matches. A crafted input could exploit this to stall the scan pipeline.Context
Discovered during P1-T4 adversarial testing. The behavior is inherent to Aho-Corasick (not a bug), but a production scanner should bound the cost.
Proposed mitigations
max_matches_per_scancap toakav_ac_search— stop early once the limit is hitakav_scan_options_t.timeout_ms)Phase
Address during Phase 11 (Hardening) or as part of P1-T8 (scan pipeline integration).
Related
AhoCorasickTest.DeepPrefixChain