[libxml2] Avoid call stack overflow with XML reader and recursive XIncludes



commit 31c6ce3b63f8a494ad9e31ca65187a73d8ad3508
Author: Nick Wellnhofer <wellnhofer aevum de>
Date:   Mon Nov 9 17:55:44 2020 +0100

    Avoid call stack overflow with XML reader and recursive XIncludes
    
    Don't process XIncludes in the result of another inclusion to avoid
    infinite recursion resulting in a call stack overflow.
    
    This is something the XInclude engine shouldn't allow but correct
    handling of intra-document includes would require major changes.
    
    Found by OSS-Fuzz.

 xmlreader.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
---
diff --git a/xmlreader.c b/xmlreader.c
index 01adf74f4..72e40b032 100644
--- a/xmlreader.c
+++ b/xmlreader.c
@@ -1585,7 +1585,8 @@ node_found:
     /*
      * Handle XInclude if asked for
      */
-    if ((reader->xinclude) && (reader->node != NULL) &&
+    if ((reader->xinclude) && (reader->in_xinclude == 0) &&
+        (reader->node != NULL) &&
        (reader->node->type == XML_ELEMENT_NODE) &&
        (reader->node->ns != NULL) &&
        ((xmlStrEqual(reader->node->ns->href, XINCLUDE_NS)) ||
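Review bot: The added `(reader->in_xinclude == 0)` test in the condition is not documented where it sits. The comment above it still reads only "Handle XInclude if asked for", so a reader of xmlreader.c cannot tell that xi:include elements inside the result of another inclusion are deliberately left unprocessed. Extend that comment to say nested inclusions are skipped to avoid unbounded recursion, and that this is a known limitation rather than correct intra-document handling, as the commit message explains. The diffstat also shows only xmlreader.c changing, so consider adding the OSS-Fuzz reproducer as a reader regression test so the guard is not dropped in a later refactor.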

