Guarding against a user-supplied catastrophic regular expression

regex-timeout.py

import re
import os
import sys
import time
import signal
from contextlib import contextmanager

@contextmanager
def timeout(seconds, exceptionClass):
    old_alarm = signal.alarm(seconds)
    if old_alarm < seconds:
        signal.alarm(old_alarm)
        yield
        return
    def timeout_handler(signum, frame): raise exceptionClass()
    old_handler = signal.signal(signal.SIGALRM, timeout_handler)
    start = time.time()
    try:
        yield
    finally:
        signal.alarm(0)
        signal.signal(signal.SIGALRM, old_handler)
        if old_alarm > 0:
            spent = time.time() - start
            old_alarm -= spent
            if old_alarm < 0:
                os.kill(os.getpid(), signal.SIGALRM)
            else:
                old_alarm = int(round(old_alarm))
                if old_alarm == 0: old_alarm = 1
                signal.alarm(old_alarm)

class TimeoutException(Exception): pass
n = 28
r = re.compile("a?"*n + "a"*n)
start = time.time()
signal.alarm(5)
try:
    for i in range(0,3):
        with timeout(2, TimeoutException):
            try:
                r.match("a"*n)
            except TimeoutException:
                print "timed out!"
            finally:
                print time.time() - start
    time.sleep(5)
finally:
    print time.time() - start