database/postgres
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2025-07-27 12:41:57 +03:00
Code Activity

Revert "Add support for parsing of large XML data (>= 10MB)"

Browse Source 
This reverts commit 2197d06224, following a discussion over a Coverity
report where issues like the "Billion laugh attack" could cause the
backend to waste CPU and memory even if a client applied checks on the
size of the data given in input, and libxml2 does not offer guarantees
that input limits are respected under XML_PARSE_HUGE.

Discussion: https://postgr.es/m/ZbHlgrPLtBZyr_QW@paquier.xyz
This commit is contained in:
Michael Paquier
2024-01-26 10:15:32 +09:00
parent 376c216138
commit f2743a7d70
3 changed files with 13 additions and 33 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
contrib/xml2/xslt_proc.c
View File

@ -87,7 +87,7 @@ xslt_process(PG_FUNCTION_ARGS)
/* Parse document */
doctree = xmlReadMemory((char *) VARDATA_ANY(doct),
VARSIZE_ANY_EXHDR(doct), NULL, NULL,
XML_PARSE_HUGE | XML_PARSE_NOENT);
XML_PARSE_NOENT);
if (doctree == NULL)
xml_ereport(xmlerrcxt, ERROR, ERRCODE_EXTERNAL_ROUTINE_EXCEPTION,
@ -96,7 +96,7 @@ xslt_process(PG_FUNCTION_ARGS)
/* Same for stylesheet */
ssdoc = xmlReadMemory((char *) VARDATA_ANY(ssheet),
VARSIZE_ANY_EXHDR(ssheet), NULL, NULL,
XML_PARSE_HUGE | XML_PARSE_NOENT);
XML_PARSE_NOENT);
if (ssdoc == NULL)
xml_ereport(xmlerrcxt, ERROR, ERRCODE_EXTERNAL_ROUTINE_EXCEPTION,