From f7b872e673f9b359a61fd287a7338a28077840d2 Mon Sep 17 00:00:00 2001
From: Takeshi KOMIYA
Date: Sun, 20 Sep 2020 17:48:00 +0900
Subject: [PATCH] Fix #8175: intersphinx: Potential of regex denial of service by inventory
---
 CHANGES | 1 +
 sphinx/util/inventory.py | 7 ++++++-
 2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/CHANGES b/CHANGES
index 3e155f33a..aa7b92d73 100644
--- a/CHANGES
+++ b/CHANGES
@@ -35,6 +35,7 @@ Bugs fixed
 * #8192: napoleon: description is disappeared when it contains inline literals
 * #8172: napoleon: Potential of regex denial of service in google style docs
 * #8169: LaTeX: pxjahyper loaded even when latex_engine is not platex
+* #8175: intersphinx: Potential of regex denial of service by broken inventory
 * #8093: The highlight warning has wrong location in some builders (LaTeX, singlehtml and so on)
diff --git a/sphinx/util/inventory.py b/sphinx/util/inventory.py
index 9b647ccac..1e3572323 100644
--- a/sphinx/util/inventory.py
+++ b/sphinx/util/inventory.py
@@ -122,11 +122,16 @@ class InventoryFile:
 for line in stream.read_compressed_lines():
 # be careful to handle names with embedded spaces correctly
- m = re.match(r'(?x)(.+?)\s+(\S*:\S*)\s+(-?\d+)\s+?(\S*)\s+(.*)',
+ m = re.match(r'(?x)(.+?)\s+(\S+)\s+(-?\d+)\s+?(\S*)\s+(.*)',
 line.rstrip())
 if not m:
 continue
 name, type, prio, location, dispname = m.groups()
+ if ':' not in type:
+ # wrong type value. type should be in the form of "{domain}:{objtype}"
+ #
+ # Note: To avoid the regex DoS, this is implemented in python (refs: #8175)
+ continue
 if type == 'py:module' and type in invdata and name in invdata[type]:
 # due to a bug in 1.1 and below,
 # two inventory entries are created
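Review bot: Moving the colon requirement out of the pattern changes which split the lazy `(.+?)` settles on, so a valid entry whose name contains a word followed by an integer can now be dropped instead of parsed. For a constructed line such as `intro 2 3 std:label -1 index.html#intro -` the new pattern matches with name `intro`, type `2` and prio `3`, and the added `if ':' not in type: continue` then discards the entry, whereas the old pattern kept extending the name until the type token contained a colon. If the aim is only to remove the ambiguous `\S*:\S*`, the group `([^\s:]*:\S*)` accepts the same tokens with a single way to match each and keeps the check inside the regex; its running time on the inventory from #8175 would still need to be measured. The diffstat shows no test change, so a regression test covering both the slow inventory line and a name with embedded integers would pin the behaviour down. The enclosing method starts and ends outside the hunk.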