[libxslt] Detect deep recusion on function calls

From: Daniel Veillard <veillard src gnome org>
To: svn-commits-list gnome org
Cc:
Subject: [libxslt] Detect deep recusion on function calls
Date: Thu, 17 Sep 2009 09:58:10 +0000 (UTC)

commit 3058d809d2621aa1d9e416bd86c0ebb243afd45c
Author: Daniel Veillard <veillard redhat com>
Date:   Thu Sep 17 11:56:08 2009 +0200

    Detect deep recusion on function calls
    
    * libxslt/xsltInternals.h libexslt/functions.c: add a function call
      counting in the transformation context, and test/increment/decrement
      in exsltFuncFunctionFunction enter and exit

 libexslt/functions.c    |   12 ++++++++++++
 libxslt/xsltInternals.h |    1 +
 2 files changed, 13 insertions(+), 0 deletions(-)
---
diff --git a/libexslt/functions.c b/libexslt/functions.c
index bef4a5a..13fd06e 100644
--- a/libexslt/functions.c
+++ b/libexslt/functions.c
@@ -57,6 +57,8 @@ static void exsltFuncFunctionFunction (xmlXPathParserContextPtr ctxt,
 				       int nargs);
 static exsltFuncFunctionData *exsltFuncNewFunctionData(void);
 
+#define MAX_FUNC_RECURSION 1000
+
 /*static const xmlChar *exsltResultDataID = (const xmlChar *) "EXSLT Result";*/
 
 /**
@@ -321,6 +323,15 @@ exsltFuncFunctionFunction (xmlXPathParserContextPtr ctxt, int nargs) {
 			 "param == NULL\n");
 	return;
     }
+    if (tctxt->funcLevel > MAX_FUNC_RECURSION) {
+	xsltGenericError(xsltGenericErrorContext,
+			 "{%s}%s: detected a recursion\n",
+			 ctxt->context->functionURI, ctxt->context->function);
+	ctxt->error = XPATH_MEMORY_ERROR;
+	return;
+    }
+    tctxt->funcLevel++;
+
     /*
      * We have a problem with the evaluation of function parameters.
      * The original library code did not evaluate XPath expressions until
@@ -437,6 +448,7 @@ error:
     * the calling process exits.
     */
     xsltExtensionInstructionResultFinalize(tctxt);
+    tctxt->funcLevel--;
 }
 
 
diff --git a/libxslt/xsltInternals.h b/libxslt/xsltInternals.h
index 538b3b3..e991a93 100644
--- a/libxslt/xsltInternals.h
+++ b/libxslt/xsltInternals.h
@@ -1774,6 +1774,7 @@ struct _xsltTransformContext {
                            exits */
     xmlDocPtr localRVTBase;
     int keyInitLevel;   /* Needed to catch recursive keys issues */
+    int funcLevel;      /* Needed to catch recursive functions issues */
 };
 
 /**

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]