lib/libxml2
1
0
Fork 0
mirror of https://gitlab.gnome.org/GNOME/libxml2.git synced 2025-07-28 00:21:53 +03:00
Code Activity

592430 - HTML parser runs into endless loop

Browse Source 
* HTMLparser.c: fix the problem with detection erroring absolutely, and
  properly popping up the stack when in EOF, also passes XML_PARSE_HUGE
  when decoding options.
This commit is contained in:
Daniel Veillard
2009-08-22 11:32:38 +02:00
parent f4653dcd8b
commit e77db16ab1
1 changed files with 139 additions and 125 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
HTMLparser.c
View File

@ -59,7 +59,7 @@ static void htmlParseComment(htmlParserCtxtPtr ctxt);
/************************************************************************ /************************************************************************
* * * *
* Some factorized error routines * * Some factorized error routines *
* * * *
************************************************************************/ ************************************************************************/
@ -147,7 +147,7 @@ htmlParseErrInt(xmlParserCtxtPtr ctxt, xmlParserErrors error,
/************************************************************************ /************************************************************************
* * * *
* Parser stacks related functions and macros * * Parser stacks related functions and macros *
* * * *
************************************************************************/ ************************************************************************/
@ -525,7 +525,7 @@ htmlSkipBlankChars(xmlParserCtxtPtr ctxt) {
/************************************************************************ /************************************************************************
* * * *
* The list of HTML elements and their properties * * The list of HTML elements and their properties *
* * * *
************************************************************************/ ************************************************************************/
@ -1107,7 +1107,7 @@ static int htmlStartCloseIndexinitialized = 0;
/************************************************************************ /************************************************************************
* * * *
* functions to handle HTML specific data * * functions to handle HTML specific data *
* * * *
************************************************************************/ ************************************************************************/
@ -1474,12 +1474,12 @@ htmlIsScriptAttribute(const xmlChar *name) {
unsigned int i; unsigned int i;
if (name == NULL) if (name == NULL)
return(0); return(0);
/* /*
* all script attributes start with 'on' * all script attributes start with 'on'
*/ */
if ((name[0] != 'o') || (name[1] != 'n')) if ((name[0] != 'o') || (name[1] != 'n'))
return(0); return(0);
for (i = 0; for (i = 0;
i < sizeof(htmlScriptAttributes)/sizeof(htmlScriptAttributes[0]); i < sizeof(htmlScriptAttributes)/sizeof(htmlScriptAttributes[0]);
i++) { i++) {
@ -1491,7 +1491,7 @@ htmlIsScriptAttribute(const xmlChar *name) {
/************************************************************************ /************************************************************************
* * * *
* The list of HTML predefined entities * * The list of HTML predefined entities *
* * * *
************************************************************************/ ************************************************************************/
@ -3519,6 +3519,8 @@ htmlParseStartTag(htmlParserCtxtPtr ctxt) {
int i; int i;
int discardtag = 0; int discardtag = 0;
if (ctxt->instate == XML_PARSER_EOF)
return(-1);
if ((ctxt == NULL) || (ctxt->input == NULL)) { if ((ctxt == NULL) || (ctxt->input == NULL)) {
htmlParseErr(ctxt, XML_ERR_INTERNAL_ERROR, htmlParseErr(ctxt, XML_ERR_INTERNAL_ERROR,
"htmlParseStartTag: context error\n", NULL, NULL); "htmlParseStartTag: context error\n", NULL, NULL);
@ -3537,7 +3539,8 @@ htmlParseStartTag(htmlParserCtxtPtr ctxt) {
"htmlParseStartTag: invalid element name\n", "htmlParseStartTag: invalid element name\n",
NULL, NULL); NULL, NULL);
/* Dump the bogus tag like browsers do */ /* Dump the bogus tag like browsers do */
while ((IS_CHAR_CH(CUR)) && (CUR != '>')) while ((IS_CHAR_CH(CUR)) && (CUR != '>') &&
(ctxt->instate != XML_PARSER_EOF))
NEXT; NEXT;
return -1; return -1;
} }
@ -3910,6 +3913,10 @@ htmlParseContent(htmlParserCtxtPtr ctxt) {
long cons = ctxt->nbChars; long cons = ctxt->nbChars;
GROW; GROW;
if (ctxt->instate == XML_PARSER_EOF)
break;
/* /*
* Our tag or one of it's parent or children is ending. * Our tag or one of it's parent or children is ending.
*/ */
@ -3932,7 +3939,7 @@ htmlParseContent(htmlParserCtxtPtr ctxt) {
"htmlParseStartTag: invalid element name\n", "htmlParseStartTag: invalid element name\n",
NULL, NULL); NULL, NULL);
/* Dump the bogus tag like browsers do */ /* Dump the bogus tag like browsers do */
while ((IS_CHAR_CH(CUR)) && (CUR != '>')) while ((IS_CHAR_CH(CUR)) && (CUR != '>'))
NEXT; NEXT;
if (currentNode != NULL) if (currentNode != NULL)
@ -4073,6 +4080,9 @@ htmlParseElement(htmlParserCtxtPtr ctxt) {
int depth; int depth;
const xmlChar *oldptr; const xmlChar *oldptr;
if (ctxt->instate == XML_PARSER_EOF)
return;
if ((ctxt == NULL) || (ctxt->input == NULL)) { if ((ctxt == NULL) || (ctxt->input == NULL)) {
htmlParseErr(ctxt, XML_ERR_INTERNAL_ERROR, htmlParseErr(ctxt, XML_ERR_INTERNAL_ERROR,
"htmlParseElement: context error\n", NULL, NULL); "htmlParseElement: context error\n", NULL, NULL);
@ -4570,7 +4580,7 @@ htmlCreateDocParserCtxt(const xmlChar *cur, const char *encoding) {
#ifdef LIBXML_PUSH_ENABLED #ifdef LIBXML_PUSH_ENABLED
/************************************************************************ /************************************************************************
* * * *
* Progressive parsing interfaces * * Progressive parsing interfaces *
* * * *
************************************************************************/ ************************************************************************/
@ -5185,7 +5195,7 @@ htmlParseTryOrFinish(htmlParserCtxtPtr ctxt, int terminate) {
(in->cur[2] == '-') && (in->cur[3] == '-')) { (in->cur[2] == '-') && (in->cur[3] == '-')) {
if ((!terminate) && if ((!terminate) &&
(htmlParseLookupSequence( (htmlParseLookupSequence(
ctxt, '-', '-', '>', 1, 1) < 0)) ctxt, '-', '-', '>', 1, 1) < 0))
goto done; goto done;
#ifdef DEBUG_PUSH #ifdef DEBUG_PUSH
xmlGenericError(xmlGenericErrorContext, xmlGenericError(xmlGenericErrorContext,
@ -5922,7 +5932,7 @@ htmlNodeStatus(const htmlNodePtr node, int legacy) {
* current scope * current scope
*/ */
#define DICT_FREE(str) \ #define DICT_FREE(str) \
if ((str) && ((!dict) || \ if ((str) && ((!dict) || \
(xmlDictOwns(dict, (const xmlChar *)(str)) == 0))) \ (xmlDictOwns(dict, (const xmlChar *)(str)) == 0))) \
xmlFree((char *)(str)); xmlFree((char *)(str));
@ -6064,6 +6074,10 @@ htmlCtxtUseOptions(htmlParserCtxtPtr ctxt, int options)
ctxt->options |= HTML_PARSE_COMPACT; ctxt->options |= HTML_PARSE_COMPACT;
options -= HTML_PARSE_COMPACT; options -= HTML_PARSE_COMPACT;
} }
if (options & XML_PARSE_HUGE) {
ctxt->options |= XML_PARSE_HUGE;
options -= XML_PARSE_HUGE;
}
ctxt->dictNames = 0; ctxt->dictNames = 0;
return (options); return (options);
} }