Detect deep recusion on function calls

* libxslt/xsltInternals.h libexslt/functions.c: add a function call counting in the transformation context, and test/increment/decrement in exsltFuncFunctionFunction enter and exit
2025-08-07 10:42:55 +03:00 · 2009-09-17 11:56:08 +02:00
parent b1ca88f459
commit 3058d809d2
2 changed files with 13 additions and 0 deletions
--- a/libexslt/functions.c
+++ b/libexslt/functions.c
@@ -57,6 +57,8 @@ static void exsltFuncFunctionFunction (xmlXPathParserContextPtr ctxt,
 				       int nargs);
 static exsltFuncFunctionData *exsltFuncNewFunctionData(void);

+#define MAX_FUNC_RECURSION 1000
+
 /*static const xmlChar *exsltResultDataID = (const xmlChar *) "EXSLT Result";*/

 /**
@@ -321,6 +323,15 @@ exsltFuncFunctionFunction (xmlXPathParserContextPtr ctxt, int nargs) {
 			 "param == NULL\n");
 	return;
    }
+    if (tctxt->funcLevel > MAX_FUNC_RECURSION) {
+	xsltGenericError(xsltGenericErrorContext,
+			 "{%s}%s: detected a recursion\n",
+			 ctxt->context->functionURI, ctxt->context->function);
+	ctxt->error = XPATH_MEMORY_ERROR;
+	return;
+    }
+    tctxt->funcLevel++;
+
    /*
     * We have a problem with the evaluation of function parameters.
     * The original library code did not evaluate XPath expressions until
@@ -437,6 +448,7 @@ error:
    * the calling process exits.
    */
    xsltExtensionInstructionResultFinalize(tctxt);
+    tctxt->funcLevel--;
 }