c/libxml2
1
0
Fork 0
mirror of https://gitlab.gnome.org/GNOME/libxml2 synced 2025-03-28 21:33:13 +00:00
Code Issues Packages Projects Releases Wiki Activity

fuzz: Account for quadratic runtime in xmlXPathTranslateFunction

Browse Source 
Avoid fuzzer timeouts caused by this known issue.
This commit is contained in:
Nick Wellnhofer 2024-04-09 18:00:13 +02:00
parent fd8a35114f
commit 20b0bd9800
1 changed files with 15 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
xpath.c
View File

@ -8316,6 +8316,21 @@ xmlXPathTranslateFunction(xmlXPathParserContextPtr ctxt, int nargs) {
if (ctxt->error != 0)
goto error;
/*
* Account for quadratic runtime
*/
if (ctxt->context->opLimit != 0) {
unsigned long f1 = xmlStrlen(from->stringval) / 100;
unsigned long f2 = xmlStrlen(str->stringval);
if ((f1 > 0) && (f2 > 0)) {
unsigned long p = f1 > ULONG_MAX / f2 ? ULONG_MAX : f1 * f2;
if (xmlXPathCheckOpLimit(ctxt, p) < 0)
goto error;
}
}
target = xmlBufCreateSize(64);
if (target == NULL) {
xmlXPathPErrMemory(ctxt);