[libxml2] Limit recursion depth in xmlXPathOptimizeExpression

From: Nick Wellnhofer <nwellnhof src gnome org>
To: commits-list gnome org
Cc:
Subject: [libxml2] Limit recursion depth in xmlXPathOptimizeExpression
Date: Mon, 22 Apr 2019 12:52:21 +0000 (UTC)

commit 012f8e92847a4e5ff684e7bd8e81a0b1ad104e32
Author: Nick Wellnhofer <wellnhofer aevum de>
Date:   Sat Apr 20 17:01:19 2019 +0200

    Limit recursion depth in xmlXPathOptimizeExpression

 xpath.c | 33 +++++++++++++++++++++++++--------
 1 file changed, 25 insertions(+), 8 deletions(-)
---
diff --git a/xpath.c b/xpath.c
index 1c567d78..4647ab0e 100644
--- a/xpath.c
+++ b/xpath.c
@@ -14654,8 +14654,12 @@ xmlXPathTryStreamCompile(xmlXPathContextPtr ctxt, const xmlChar *str) {
 #endif /* XPATH_STREAMING */
 
 static void
-xmlXPathOptimizeExpression(xmlXPathCompExprPtr comp, xmlXPathStepOpPtr op)
+xmlXPathOptimizeExpression(xmlXPathParserContextPtr pctxt,
+                           xmlXPathStepOpPtr op)
 {
+    xmlXPathCompExprPtr comp = pctxt->comp;
+    xmlXPathContextPtr ctxt;
+
     /*
     * Try to rewrite "descendant-or-self::node()/foo" to an optimized
     * internal representation.
@@ -14711,10 +14715,18 @@ xmlXPathOptimizeExpression(xmlXPathCompExprPtr comp, xmlXPathStepOpPtr op)
         return;
 
     /* Recurse */
+    ctxt = pctxt->context;
+    if (ctxt != NULL) {
+        if (ctxt->depth >= ctxt->maxDepth)
+            return;
+        ctxt->depth += 1;
+    }
     if (op->ch1 != -1)
-        xmlXPathOptimizeExpression(comp, &comp->steps[op->ch1]);
+        xmlXPathOptimizeExpression(pctxt, &comp->steps[op->ch1]);
     if (op->ch2 != -1)
-       xmlXPathOptimizeExpression(comp, &comp->steps[op->ch2]);
+       xmlXPathOptimizeExpression(pctxt, &comp->steps[op->ch2]);
+    if (ctxt != NULL)
+        ctxt->depth -= 1;
 }
 
 /**
@@ -14764,6 +14776,11 @@ xmlXPathCtxtCompile(xmlXPathContextPtr ctxt, const xmlChar *str) {
        comp = NULL;
     } else {
        comp = pctxt->comp;
+       if ((comp->nbStep > 1) && (comp->last >= 0)) {
+            if (ctxt != NULL)
+                ctxt->depth = 0;
+           xmlXPathOptimizeExpression(pctxt, &comp->steps[comp->last]);
+       }
        pctxt->comp = NULL;
     }
     xmlXPathFreeParserContext(pctxt);
@@ -14774,9 +14791,6 @@ xmlXPathCtxtCompile(xmlXPathContextPtr ctxt, const xmlChar *str) {
        comp->string = xmlStrdup(str);
        comp->nb = 0;
 #endif
-       if ((comp->nbStep > 1) && (comp->last >= 0)) {
-           xmlXPathOptimizeExpression(comp, &comp->steps[comp->last]);
-       }
     }
     return(comp);
 }
@@ -14942,9 +14956,12 @@ xmlXPathEvalExpr(xmlXPathParserContextPtr ctxt) {
         if (*ctxt->cur != 0)
             XP_ERROR(XPATH_EXPR_ERROR);
 
-       if ((ctxt->comp->nbStep > 1) && (ctxt->comp->last >= 0))
-           xmlXPathOptimizeExpression(ctxt->comp,
+       if ((ctxt->comp->nbStep > 1) && (ctxt->comp->last >= 0)) {
+            if (ctxt->context != NULL)
+                ctxt->context->depth = 0;
+           xmlXPathOptimizeExpression(ctxt,
                &ctxt->comp->steps[ctxt->comp->last]);
+        }
     }
 
     xmlXPathRunEval(ctxt, 0);

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]