[libxml2] Strengthen behaviour of the push parser in problematic situations

From: Daniel Veillard <veillard src gnome org>
To: commits-list gnome org
Cc:
Subject: [libxml2] Strengthen behaviour of the push parser in problematic situations
Date: Fri, 3 Aug 2012 04:07:59 +0000 (UTC)

commit 2b52aa0050379e95355706cd7b4b2fce6cbece7b
Author: Daniel Veillard <veillard redhat com>
Date:   Tue Jul 31 10:53:47 2012 +0800

    Strengthen behaviour of the push parser in problematic situations
    
    Implement the maximum lookahead stategy, and fix some handling
    of DTD to speed up processing.

 parser.c |   17 +++++++++++++++++
 1 files changed, 17 insertions(+), 0 deletions(-)
---
diff --git a/parser.c b/parser.c
index 9df68c0..a95dd1a 100644
--- a/parser.c
+++ b/parser.c
@@ -11832,6 +11832,10 @@ not_end_of_int_subset:
 		/*
 		 * We didn't found the end of the Internal subset
 		 */
+                if (quote == 0)
+                    ctxt->checkIndex = base;
+                else
+                    ctxt->checkIndex = 0;
 #ifdef DEBUG_PUSH
 		if (next == 0)
 		    xmlGenericError(xmlGenericErrorContext,
@@ -11840,6 +11844,7 @@ not_end_of_int_subset:
 	        goto done;
 
 found_end_int_subset:
+                ctxt->checkIndex = 0;
 		xmlParseInternalSubset(ctxt);
 		ctxt->inSubset = 2;
 		if ((ctxt->sax != NULL) && (!ctxt->disableSAX) &&
@@ -11979,6 +11984,11 @@ xmlParseCheckTransition(xmlParserCtxtPtr ctxt, const char *chunk, int size) {
             return(1);
         return(0);
     }
+    if (ctxt->instate == XML_PARSER_DTD) {
+        if (memchr(chunk, ']', size) != NULL)
+            return(1);
+        return(0);
+    }
     return(1);
 }
 
@@ -12105,6 +12115,13 @@ xmldecl_done:
                                      avail - old_avail)))
             xmlParseTryOrFinish(ctxt, terminate);
     }
+    if ((ctxt->input != NULL) &&
+         (((ctxt->input->end - ctxt->input->cur) > XML_MAX_LOOKUP_LIMIT) ||
+         ((ctxt->input->cur - ctxt->input->base) > XML_MAX_LOOKUP_LIMIT)) &&
+        ((ctxt->options & XML_PARSE_HUGE) == 0)) {
+        xmlFatalErr(ctxt, XML_ERR_INTERNAL_ERROR, "Huge input lookup");
+        ctxt->instate = XML_PARSER_EOF;
+    }
     if ((ctxt->errNo != XML_ERR_OK) && (ctxt->disableSAX == 1))
         return(ctxt->errNo);

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]