Changeset 45449 in vbox for trunk/src/libs/libxml2-2.6.31
- Timestamp:
- Apr 10, 2013 8:39:01 AM (12 years ago)
- Location:
- trunk/src/libs/libxml2-2.6.31
- Files:
-
- 4 edited
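--- a/trunk/src/libs/libxml2-2.6.31/include/libxml/parser.h
+++ b/trunk/src/libs/libxml2-2.6.31/include/libxml/parser.h
@@ -300,4 +300,5 @@
 unsigned long nbentities; /* number of entities references */
 unsigned long sizeentities; /* size of parsed entities */
+unsigned long sizeentcopy; /* volume of entity copy */
 };
 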
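Review bot: The comment on the new `sizeentcopy` field does not say what is counted or in what unit. From parser.c in this changeset it is the running sum of `ent->length` at the two sites where entity content is copied, reset to 0 alongside the other counters, so something like `/* cumulative length of entity content copied so far */` would be clearer. The struct this field belongs to starts outside the section shown.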
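--- a/trunk/src/libs/libxml2-2.6.31/include/libxml/parserInternals.h
+++ b/trunk/src/libs/libxml2-2.6.31/include/libxml/parserInternals.h
@@ -30,4 +30,13 @@
 */
 XMLPUBVAR unsigned int xmlParserMaxDepth;
+
+/**
+* XML_MAX_TEXT_LENGTH:
+*
+* Maximum size allowed for a single text node when building a tree.
+* This is not a limitation of the parser but a safety boundary feature,
+* use XML_PARSE_HUGE option to override it.
+*/
+#define XML_MAX_TEXT_LENGTH 10000000
 
 /**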
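Review bot: The comment on `XML_MAX_TEXT_LENGTH` describes a per-text-node limit that `XML_PARSE_HUGE` overrides, but the only use visible in this changeset is in xmlParserEntityCheck, where it is the floor under which the cumulative entity-copy volume is not checked at all. Nothing on this page shows `XML_PARSE_HUGE` being defined or tested in this 2.6.31 tree, so the override should be confirmed to exist here; if it does not, the comment should say the limit is fixed rather than promise an override. A line such as `* Also used as the threshold above which entity copy volume is checked against the parsed input size.` would match what the code does.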
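--- a/trunk/src/libs/libxml2-2.6.31/parser.c
+++ b/trunk/src/libs/libxml2-2.6.31/parser.c
@@ -112,5 +112,5 @@
 static int
 xmlParserEntityCheck(xmlParserCtxtPtr ctxt, size_t size,
-xmlEntityPtr ent )
+xmlEntityPtr ent, size_t replacement)
 {
 size_t consumed = 0;
@@ -120,5 +120,22 @@
 if (ctxt->lastError.code == XML_ERR_ENTITY_LOOP)
 return (1);
-if (size != 0) {
+if (replacement != 0) {
+if (replacement < XML_MAX_TEXT_LENGTH)
+return(0);
+
+/*
+* If the volume of entity copy reaches 10 times the
+* amount of parsed data and over the large text threshold
+* then that's very likely to be an abuse.
+*/
+if (ctxt->input != NULL) {
+consumed = ctxt->input->consumed +
+(ctxt->input->cur - ctxt->input->base);
+}
+consumed += ctxt->sizeentities;
+
+if (replacement < XML_PARSER_NON_LINEAR * consumed)
+return(0);
+} else if (size != 0) {
 /*
 * Do the check based on the replacement size of the entity
@@ -166,5 +183,4 @@
 return (0);
 }
-
 xmlFatalErr(ctxt, XML_ERR_ENTITY_LOOP, NULL);
 return (1);
@@ -2379,5 +2395,5 @@
 buffer[nbchars++] = *current++;
 if (nbchars + XML_PARSER_BUFFER_SIZE > buffer_size) {
-if (xmlParserEntityCheck(ctxt, nbchars, ent )) {
+if (xmlParserEntityCheck(ctxt, nbchars, ent, 0)) {
 xmlFree(rep);
 goto int_error;
@@ -2421,5 +2437,5 @@
 buffer[nbchars++] = *current++;
 if (nbchars + XML_PARSER_BUFFER_SIZE > buffer_size) {
-if (xmlParserEntityCheck(ctxt, nbchars, ent )) {
+if (xmlParserEntityCheck(ctxt, nbchars, ent, 0)) {
 xmlFree(rep);
 goto int_error;
@@ -6278,5 +6294,5 @@
 return;
 }
-if (xmlParserEntityCheck(ctxt, 0, ent )) {
+if (xmlParserEntityCheck(ctxt, 0, ent, 0)) {
 xmlFreeNodeList(list);
 return;
@@ -6431,4 +6447,11 @@
 
 /*
+* We are copying here, make sure there is no abuse
+*/
+ctxt->sizeentcopy += ent->length;
+if (xmlParserEntityCheck(ctxt, 0, ent, ctxt->sizeentcopy))
+return;
+
+/*
 * when operating on a reader, the entities definitions
 * are always owning the entities subtree.
@@ -6470,4 +6493,12 @@
 xmlNodePtr nw = NULL, cur, next, last,
 firstChild = NULL;
+
+/*
+* We are copying here, make sure there is no abuse
+*/
+ctxt->sizeentcopy += ent->length;
+if (xmlParserEntityCheck(ctxt, 0, ent, ctxt->sizeentcopy))
+return;
+
 /*
 * Copy the entity child list and make it the new
@@ -13308,4 +13339,5 @@
 ctxt->nbentities = 0;
 ctxt->sizeentities = 0;
+ctxt->sizeentcopy = 0;
 xmlInitNodeInfoSeq(&ctxt->node_seq);
 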
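Review bot: `ctxt->sizeentcopy += ent->length` (new lines 6451 and 6499) adds into an `unsigned long` with no saturation, so on targets where that type is 32 bits wide the counter can wrap back under `XML_MAX_TEXT_LENGTH`, and the new `replacement` branch of xmlParserEntityCheck then returns 0 again. Reaching that takes several gigabytes of copied entity content, so it is an edge case, but the guard should fail closed; a saturating add does that: `if (ent->length > ULONG_MAX - ctxt->sizeentcopy) ctxt->sizeentcopy = ULONG_MAX; else ctxt->sizeentcopy += ent->length;`. The type of `ent->length` is not visible here, so if it is signed a negative value should be ruled out first. The product `XML_PARSER_NON_LINEAR * consumed` at new line 137 is computed in `size_t` and has the same width concern. Both call sites and the body of xmlParserEntityCheck extend beyond the hunks shown.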
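--- a/trunk/src/libs/libxml2-2.6.31/parserInternals.c
+++ b/trunk/src/libs/libxml2-2.6.31/parserInternals.c
@@ -1672,4 +1672,6 @@
 ctxt->catalogs = NULL;
 ctxt->nbentities = 0;
+ctxt->sizeentities = 0;
+ctxt->sizeentcopy = 0;
 xmlInitNodeInfoSeq(&ctxt->node_seq);
 return(0);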