Project
vgrep
Description
Setting watch_debounce_ms to 0 is accepted without validation. Since this value is incorrectly used as poll_interval (see Bug #3), a value of 0 causes:
- Constant filesystem polling with no delay
- 100% CPU usage on one core
- System resource exhaustion
- Effective denial of service
Error Message
Debug Logs
System Information
Bounty Version: 0.1.0
OS: Ubuntu 24.04 LTS
CPU: AMD EPYC-Genoa Processor (8 cores)
RAM: 15 GB
Screenshots
No response
Steps to Reproduce
- Set debounce to 0:
vgrep config set watch-debounce 0
- Start file watcher:
vgrep watch .
- Monitor CPU usage:
top or htop
- Observe 100% CPU usage on vgrep process
Expected Behavior
- Minimum debounce value should be enforced (e.g., >= 10ms)
- Setting 0 should return error or use sensible minimum
- Poll interval should be separate from debounce
Actual Behavior
- Value 0 accepted without validation
- Results in
poll_interval(0ms) causing tight loop
- CPU spikes to 100% immediately
Additional Context
Tested and Confirmed:
$ vgrep config set watch-debounce 0
✅ Set watch_debounce_ms = 0
DoS Impact: Medium - Can cause local denial of service through CPU exhaustion.
Project
vgrep
Description
Setting
watch_debounce_msto 0 is accepted without validation. Since this value is incorrectly used aspoll_interval(see Bug #3), a value of 0 causes:Error Message
Debug Logs
System Information
Screenshots
No response
Steps to Reproduce
vgrep config set watch-debounce 0vgrep watch .toporhtopExpected Behavior
Actual Behavior
poll_interval(0ms)causing tight loopAdditional Context
Tested and Confirmed:
$ vgrep config set watch-debounce 0 ✅ Set watch_debounce_ms = 0DoS Impact: Medium - Can cause local denial of service through CPU exhaustion.