by gelatocar 938 days ago
As I was reading this I was thinking to myself "I wonder if it is Grammarly related" because I experienced a bug some time ago that presented itself in a similar way. It was impossible to reproduce but affecting lots of people internally within certain departments. Eventually we figured out the thing they had in common was that they had the Grammarly extension installed.

The other key thing was that the bug only appeared on our staging preview URLs, not on the live website. It turned out it was because of a bad regex in the Grammarly extension that caused the page to hang if the domain name was more than about 100 characters. Our staging domains were pretty long, I think they contained a few subdomains and had a job number or something in there.

This one is more crazy though if it is really caused by the desktop app - that's pretty scary!


I was so disappointed that the story ended with we can't look inside Grammarly or Chrome to know why the gif decode/rendering causes it to crash. This isn't interesting at all. Many problems get narrowed down to some combination but not knowing really why is unsatisfying.
It would be nice if the author would at least publish the .gif file. I want to dig into this.
Second this. Also, I'd like to know what was different in the new gif.
Agreed. I was on the edge of my seat. I wouldn’t do a write up for something like this. I feel no-soap radio’d.
The Chromium source code is also available, not sure why they said they couldn't look at it. If it replicates with Chromium you can dig right in.
If you read carefully you will see that they said the bug didn’t replicate with Chromium.
They did yeah, but did they try Chromium with Grammarly?
They say it didn't replicate in Chromium but that's before they figured out what it was.
> It turned out it was because of a bad regex in the Grammarly extension that caused the page to hang if the domain name was more than about 100 characters.

Just today I debugged a regex that would DoS our backend whenever the user enters the wrong thing in a form.

Now I'm reading up on regex engines: https://swtch.com/%7Ersc/regexp/regexp1.html

Just in case you haven't seen the postmortem of the Cloudflare outage which also was caused by a regex based DoS: https://blog.cloudflare.com/details-of-the-cloudflare-outage...
That was a great read, but there was one thing I didn't understand: Why would the regex string have "." twice in a row? What does ".." find that "." doesn't find? Does that just mean "at least two characters"?
It means specifically 2 characters, and is equivalent to .{2}

..+ or ...* are ways of writing "at least two characters".

A single `.` matches exactly one character. `..` matches exactly two characters (not more, not less).
I had a ReDoS issue at a prior company many years ago; at least they're lintable now:

  https://ota-meshi.github.io/eslint-plugin-regexp/rules/no-super-linear-move.html
  https://www.npmjs.com/package/eslint-plugin-redos/v/1.2.0
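
The regex hang on long hostnames discussed in the comments above, as an added example that is not part of the thread. The pattern is constructed for illustration (it is not Grammarly's or Cloudflare's regex), and `countBacktrackingSteps`, `stepsFor` and `isValidHostname` are hypothetical names; the 253 and 63 character limits are the standard DNS hostname and label limits.

```javascript
// Constructed pattern (NOT taken from any real product): the optional dot lets
// a run of label characters be split into groups in exponentially many ways.
const AMBIGUOUS = /^(?:[a-z0-9-]+\.?)+$/;

const isLabelChar = (c) => c !== undefined && /^[a-z0-9-]$/.test(c);

// Model of how a backtracking engine explores AMBIGUOUS. Each attempt at a
// (start, length) pair for the inner group counts as one step.
function countBacktrackingSteps(input) {
  let steps = 0;
  function group(i) {
    let end = i;
    while (isLabelChar(input[end])) end++;               // greedy [a-z0-9-]+
    for (let j = end; j > i; j--) {                      // give characters back one by one
      steps++;
      const next = input[j] === '.' ? [j + 1, j] : [j];  // \.? taken first, then skipped
      for (const k of next) {
        // Either `$` matches here or the outer group iterates again.
        if (k === input.length || group(k)) return true;
      }
    }
    return false;
  }
  return { ok: group(0), steps };
}

// Constructed worst case: n valid characters followed by one invalid character,
// so every possible split has to be tried before the match fails.
const stepsFor = (n) => countBacktrackingSteps('a'.repeat(n) + '_').steps;

// Hardened check: cap the length before matching, split on the literal dot,
// and use a bounded character class that can only match a label one way.
// (Unlike AMBIGUOUS, this rejects a trailing dot.)
const LABEL = /^[a-z0-9-]{1,63}$/;
function isValidHostname(host) {
  if (typeof host !== 'string' || host.length > 253) return false;
  return host.split('.').every((label) => LABEL.test(label));
}

for (const n of [4, 8, 16]) {
  console.log(`n=${n}: ${stepsFor(n)} steps before the ambiguous pattern gives up`);
}
```
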
Holy shit. I had a similar thing happen with some web based video surveillance software maybe 5 years ago.

A manager of some sort had his aging laptop replaced due to a company wide Windows 10 upgrade project. Super friendly older guy, probably in sales. IT went through all the procedures of inventorying software and network needs, backing up user profile and docs, etc. Great processes in place. I remember this because I saw the device assessment and it was like a 10 year old Thinkpad with 4G of RAM and a note saying he had to keep it plugged in at all times or it would shut down. Who puts up with that? Patience of a saint. Anyway.

Laptop was deployed by onsite IT to verify everything was gravy. All checked out except for Grammarly. License didn't get transferred properly or something so they had to put in a request to get his licensing working.

Fast forward a week and he gets his license key and Grammarly is tested good to go. He's checked off the list.

Later that day we get a call about not being able to see security cameras because the web page is crashing. Helpdesk tries the basics, reboot, clear cache, reinstall browser, rebuild profile, etc., nothing works and it gets escalated to me. I check the network, firewall logs, log into another PC, onsite, off-site, etc. All working for me, no one else having issues.

I tell him "I'm completely baffled here, have there been any changes lately? In your office? With your PC?" He jokingly says "Well yeah they installed Grammarly today maybe that's it?" We both laugh and I say well, I'm literally out of ideas, fuck it let's try it.

I remote in and uninstall Grammarly. "Ok go ahead and try the cameras lol". I then watch him open up Outlook, go to a folder named "Cameras", and open an email with a link to his cameras "home page". It fuckin worked. I turned Grammarly back on and clicked the link and sure enough it failed.

I made him a browser shortcut, moved his "email shortcuts" into his browser, blew his mind, and closed the ticket, but it definitely bugged me.

This tracks because it was some very dated camera software (you'll know what I mean if you've seen it) and the link was to his customized homepage with a super long PHP (or something) generated URL. He was the only one at the site with Grammarly as well so it was the only time we saw the problem.

Thank you, I can finally close this cold case out in my brain.

If a website bug is not easily solved, first order of troubleshooting is to disable all extensions. Devs don't often think an extension could be causing the problem, but extensions can do wild things to a webpage. I've caught a few bugs caused by extensions this way.
This is not an extension. It's some other kind of plugin or weird hook. They tried disabling all extensions first thing.
"Hunch #2" in this article is about extensions causing problems. That is what my comment is in reference to, but maybe you didn't read the article.

Sorry but there is no rule that every comment made about an article must be specific to the outcome of an article about troubleshooting. I can comment about other things covered in the article too.