[libxslt] Don't set maxDepth in XPath contexts



commit 77c26bad0433541f486b1e7ced44ca9979376908
Author: Nick Wellnhofer <wellnhofer aevum de>
Date:   Wed Aug 26 00:34:38 2020 +0200

    Don't set maxDepth in XPath contexts
    
    The maximum recursion depth is hardcoded in libxml2 now.

 libxslt/functions.c |  2 +-
 tests/fuzz/fuzz.c   | 11 ++---------
 2 files changed, 3 insertions(+), 10 deletions(-)
---
diff --git a/libxslt/functions.c b/libxslt/functions.c
index 975ea790..7887dda7 100644
--- a/libxslt/functions.c
+++ b/libxslt/functions.c
@@ -182,7 +182,7 @@ xsltDocumentFunctionLoadDocument(xmlXPathParserContextPtr ctxt, xmlChar* URI)
     defined(FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION)
     xptrctxt->opLimit = ctxt->context->opLimit;
     xptrctxt->opCount = ctxt->context->opCount;
-    xptrctxt->maxDepth = ctxt->context->maxDepth - ctxt->context->depth;
+    xptrctxt->depth = ctxt->context->depth;
 
     resObj = xmlXPtrEval(fragment, xptrctxt);
 
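Review bot: The new `xptrctxt->depth = ctxt->context->depth;` line has no comment explaining why the nested XPointer context inherits the caller's depth, and it sits inside a preprocessor conditional whose opening line is outside the hunk. Since the commit message says the depth limit is now enforced inside libxml2, this copy appears to be what stops the `xmlXPtrEval` call from restarting the recursion count at zero. I would add `/* Inherit the caller's depth so libxml2's built-in recursion limit also covers the nested XPointer evaluation */` above it. If the conditional can be false in a release build, the nested evaluation presumably starts from depth 0 there, so it is worth confirming that this is intended. The body of xsltDocumentFunctionLoadDocument continues outside the hunk.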
diff --git a/tests/fuzz/fuzz.c b/tests/fuzz/fuzz.c
index 75234ad6..780c2d41 100644
--- a/tests/fuzz/fuzz.c
+++ b/tests/fuzz/fuzz.c
@@ -183,7 +183,6 @@ xsltFuzzXPathInit(int *argc_p ATTRIBUTE_UNUSED, char ***argv_p,
     xpctxt = tctxt->xpathCtxt;
 
     /* Resource limits to avoid timeouts and call stack overflows */
-    xpctxt->maxDepth = 500;
     xpctxt->opLimit = 500000;
 
     /* Test namespaces used in xpath.xml */
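Review bot: The retained comment `/* Resource limits to avoid timeouts and call stack overflows */` now overstates what this block sets, because only `opLimit` is left and it bounds the amount of work, not recursion. Stack-overflow protection for this fuzz target therefore depends on the linked libxml2 enforcing its own depth cap, as the commit message states. I would reword the comment to `/* Operation limit to avoid timeouts; recursion depth is capped by libxml2 itself */` so that someone building against an older libxml2 knows where the guard lives. xsltFuzzXPathInit starts and ends outside the hunk.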
@@ -314,12 +313,6 @@ xsltFuzzXsltInit(int *argc_p ATTRIBUTE_UNUSED, char ***argv_p,
     return 0;
 }
 
-static void
-xsltSetXPathResourceLimits(xmlXPathContextPtr ctxt) {
-    ctxt->maxDepth = 200;
-    ctxt->opLimit = 100000;
-}
-
 xmlChar *
 xsltFuzzXslt(const char *data, size_t size) {
     xmlDocPtr xsltDoc;
@@ -349,7 +342,7 @@ xsltFuzzXslt(const char *data, size_t size) {
         xmlFreeDoc(xsltDoc);
         return NULL;
     }
-    xsltSetXPathResourceLimits(sheet->xpathCtxt);
+    sheet->xpathCtxt->opLimit = 100000;
     sheet->xpathCtxt->opCount = 0;
     if (xsltParseStylesheetUser(sheet, xsltDoc) != 0) {
         xsltFreeStylesheet(sheet);
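Review bot: The literal `100000` for the XPath operation limit is now written out twice, here at `sheet->xpathCtxt->opLimit = 100000;` and again in the next hunk at `ctxt->xpathCtxt->opLimit = 100000;`, whereas the removed helper kept it in one place. A named constant would keep the stylesheet-compilation and transformation limits from drifting apart, for example `#define XSLT_FUZZ_XPATH_OP_LIMIT 100000` (the name is only a suggestion) used at both sites. xsltFuzzXslt starts before and continues past both hunks.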
@@ -361,7 +354,7 @@ xsltFuzzXslt(const char *data, size_t size) {
     xsltSetCtxtSecurityPrefs(sec, ctxt);
     ctxt->maxTemplateDepth = 100;
     ctxt->opLimit = 20000;
-    xsltSetXPathResourceLimits(ctxt->xpathCtxt);
+    ctxt->xpathCtxt->opLimit = 100000;
     ctxt->xpathCtxt->opCount = sheet->xpathCtxt->opCount;
 
     result = xsltApplyStylesheetUser(sheet, doc, NULL, NULL, NULL, ctxt);

