mirror of https://gitlab.gnome.org/GNOME/libxml2.git synced 2025-10-26 00:37:43 +03:00

Stop using maxParserDepth in xpath.c

Only use a single maxDepth value.
Nick Wellnhofer
2020-08-17 03:37:18 +02:00
parent 74dcc10b55
commit 804c52978f
2 changed files with 7 additions and 5 deletions


@@ -34,8 +34,7 @@ LLVMFuzzerTestOneInput(const char *data, size_t size) {
xmlXPathContextPtr xpctxt = xmlXPathNewContext(doc); xmlXPathContextPtr xpctxt = xmlXPathNewContext(doc);
/* Resource limits to avoid timeouts and call stack overflows */ /* Resource limits to avoid timeouts and call stack overflows */
xpctxt->maxParserDepth = 15; xpctxt->maxDepth = 500;
xpctxt->maxDepth = 100;
xpctxt->opLimit = 500000; xpctxt->opLimit = 500000;
xmlXPathFreeObject(xmlXPtrEval(BAD_CAST expr, xpctxt)); xmlXPathFreeObject(xmlXPtrEval(BAD_CAST expr, xpctxt));
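Review bot: The limit comment above `xpctxt->maxDepth = 500;` no longer tells a reader what 500 buys. After this commit the parser charges the same counter 10 per nested expression (the `depth += 10` change in xmlXPathCompileExpr), so 500 permits roughly 50 levels of parser nesting where `maxParserDepth = 15` allowed 15, and presumably evaluation recursion up to 500 where it was 100. Both are looser than before, so it is worth confirming that the harness still stays within the stack under sanitizer builds, whose frames are larger. I would extend the comment, e.g. `/* maxDepth is shared by parser and evaluator; the parser charges 10 per nested expression, so 500 allows about 50 levels */`. The body of LLVMFuzzerTestOneInput starts and ends outside the hunk.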


@@ -6119,7 +6119,6 @@ xmlXPathNewContext(xmlDocPtr doc) {
ret->proximityPosition = -1; ret->proximityPosition = -1;
ret->maxDepth = INT_MAX; ret->maxDepth = INT_MAX;
ret->maxParserDepth = INT_MAX;
#ifdef XP_DEFAULT_CACHE_ON #ifdef XP_DEFAULT_CACHE_ON
if (xmlXPathContextSetCache(ret, 1, -1, 0) == -1) { if (xmlXPathContextSetCache(ret, 1, -1, 0) == -1) {
@@ -10948,9 +10947,13 @@ xmlXPathCompileExpr(xmlXPathParserContextPtr ctxt, int sort) {
xmlXPathContextPtr xpctxt = ctxt->context; xmlXPathContextPtr xpctxt = ctxt->context;
if (xpctxt != NULL) { if (xpctxt != NULL) {
if (xpctxt->depth >= xpctxt->maxParserDepth) if (xpctxt->depth >= xpctxt->maxDepth)
XP_ERROR(XPATH_RECURSION_LIMIT_EXCEEDED); XP_ERROR(XPATH_RECURSION_LIMIT_EXCEEDED);
xpctxt->depth += 1; /*
* Parsing a single '(' pushes about 10 functions on the call stack
* before recursing!
*/
xpctxt->depth += 10;
} }
xmlXPathCompAndExpr(ctxt); xmlXPathCompAndExpr(ctxt);
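Review bot: The increment in xmlXPathCompileExpr becomes `xpctxt->depth += 10;`, but none of the 7 additions in this commit is a matching decrement, so whatever the function's exit path (outside this hunk) subtracts is unchanged. If it still subtracts 1, every call leaves 9 units on `xpctxt->depth`; a context reused for several compilations, or a flat expression with many parenthesised groups, would then reach `XPATH_RECURSION_LIMIT_EXCEEDED` without any real nesting, turning a stack-protection limit into a spurious failure for callers that set `maxDepth`. The decrement should mirror the increment, `xpctxt->depth -= 10;`, ideally with both sides using one named constant. Separately, `ret->maxDepth = INT_MAX` in xmlXPathNewContext means this single remaining limit is effectively off unless the caller sets it, which is worth stating in the new comment.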