[librsvg: 1/16] limits.rs - New file; move the constant for maximum instanced nodes here

From: Federico Mena Quintero <federico src gnome org>
To: commits-list gnome org
Cc:
Subject: [librsvg: 1/16] limits.rs - New file; move the constant for maximum instanced nodes here
Date: Fri, 11 Oct 2019 23:42:30 +0000 (UTC)

commit 50b3a5f1dd7f10837220fe430737dcbda7736a8c
Author: Federico Mena Quintero <federico gnome org>
Date:   Thu Oct 10 15:16:19 2019 -0500

    limits.rs - New file; move the constant for maximum instanced nodes here

 Makefile.am                       |  1 +
 rsvg_internals/src/drawing_ctx.rs |  3 ++-
 rsvg_internals/src/lib.rs         |  1 +
 rsvg_internals/src/limits.rs      | 11 +++++++++++
 4 files changed, 15 insertions(+), 1 deletion(-)
---
diff --git a/Makefile.am b/Makefile.am
index a83042c0..23341928 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -68,6 +68,7 @@ LIBRSVG_INTERNALS_SRC =                                               \
        rsvg_internals/src/iri.rs                               \
        rsvg_internals/src/length.rs                            \
        rsvg_internals/src/lib.rs                               \
+       rsvg_internals/src/limits.rs                            \
        rsvg_internals/src/log.rs                               \
        rsvg_internals/src/link.rs                              \
        rsvg_internals/src/marker.rs                            \
diff --git a/rsvg_internals/src/drawing_ctx.rs b/rsvg_internals/src/drawing_ctx.rs
index 0a8acbb9..1253ac64 100644
--- a/rsvg_internals/src/drawing_ctx.rs
+++ b/rsvg_internals/src/drawing_ctx.rs
@@ -13,6 +13,7 @@ use crate::error::{AcquireError, RenderingError};
 use crate::filters;
 use crate::gradient::{NodeLinearGradient, NodeRadialGradient};
 use crate::length::Dasharray;
+use crate::limits;
 use crate::mask::NodeMask;
 use crate::node::{CascadedValues, NodeDraw, NodeType, RsvgNode};
 use crate::paint_server::{PaintServer, PaintSource};
@@ -879,7 +880,7 @@ impl DrawingCtx {
     }
 
     fn check_limits(&self) -> Result<(), RenderingError> {
-        if self.num_elements_rendered_through_use > 500_000 {
+        if self.num_elements_rendered_through_use > limits::MAX_REFERENCED_ELEMENTS {
             Err(RenderingError::InstancingLimit)
         } else {
             Ok(())
diff --git a/rsvg_internals/src/lib.rs b/rsvg_internals/src/lib.rs
index 6d2276d2..0ddd1abd 100644
--- a/rsvg_internals/src/lib.rs
+++ b/rsvg_internals/src/lib.rs
@@ -66,6 +66,7 @@ mod image;
 mod io;
 mod iri;
 mod length;
+mod limits;
 mod link;
 mod marker;
 mod mask;
diff --git a/rsvg_internals/src/limits.rs b/rsvg_internals/src/limits.rs
new file mode 100644
index 00000000..f5d58d95
--- /dev/null
+++ b/rsvg_internals/src/limits.rs
@@ -0,0 +1,11 @@
+/// This is a mitigation for the security-related bug
+/// https://gitlab.gnome.org/GNOME/librsvg/issues/323 - imagine
+/// the XML [billion laughs attack], but done by creating deeply
+/// nested groups of `<use>` elements.  The first one references
+/// the second one ten times, the second one references the third
+/// one ten times, and so on.  In the file given, this causes
+/// 10^17 objects to be rendered.  While this does not exhaust
+/// memory, it would take a really long time.
+///
+/// [billion laughs attack]: https://bitbucket.org/tiran/defusedxml
+pub const MAX_REFERENCED_ELEMENTS: usize = 500_000;

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]