mirror of
https://gitlab.gnome.org/GNOME/libxml2
synced 2025-03-28 21:33:13 +00:00
parser: Fix short-lived regression causing infinite loops
Fix 3eb6bf03. We really have to halt the parser, so the input buffer gets reset.
This commit is contained in:
Nick Wellnhofer
parent
1a6a9d6878
commit
b167c73144
@ -23,6 +23,8 @@ XML_HIDDEN void
|
||||
__xmlErrEncoding(xmlParserCtxtPtr ctxt, xmlParserErrors xmlerr,
|
||||
const char *msg, const xmlChar *str1,
|
||||
const xmlChar *str2) LIBXML_ATTR_FORMAT(3,0);
|
||||
XML_HIDDEN void
|
||||
xmlHaltParser(xmlParserCtxtPtr ctxt);
|
||||
XML_HIDDEN int
|
||||
xmlParserGrow(xmlParserCtxtPtr ctxt);
|
||||
XML_HIDDEN int
|
||||
|
||||
37
parser.c
37
parser.c
@ -100,8 +100,6 @@ xmlCreateEntityParserCtxtInternal(xmlSAXHandlerPtr sax, void *userData,
|
||||
const xmlChar *URL, const xmlChar *ID, const xmlChar *base,
|
||||
xmlParserCtxtPtr pctx);
|
||||
|
||||
static void xmlHaltParser(xmlParserCtxtPtr ctxt);
|
||||
|
||||
static int
|
||||
xmlParseElementStart(xmlParserCtxtPtr ctxt);
|
||||
|
||||
@ -12401,41 +12399,6 @@ xmlCreatePushParserCtxt(xmlSAXHandlerPtr sax, void *user_data,
|
||||
}
|
||||
#endif /* LIBXML_PUSH_ENABLED */
|
||||
|
||||
/**
|
||||
* xmlHaltParser:
|
||||
* @ctxt: an XML parser context
|
||||
*
|
||||
* Blocks further parser processing don't override error
|
||||
* for internal use
|
||||
*/
|
||||
static void
|
||||
xmlHaltParser(xmlParserCtxtPtr ctxt) {
|
||||
if (ctxt == NULL)
|
||||
return;
|
||||
ctxt->instate = XML_PARSER_EOF;
|
||||
ctxt->disableSAX = 1;
|
||||
while (ctxt->inputNr > 1)
|
||||
xmlFreeInputStream(inputPop(ctxt));
|
||||
if (ctxt->input != NULL) {
|
||||
/*
|
||||
* in case there was a specific allocation deallocate before
|
||||
* overriding base
|
||||
*/
|
||||
if (ctxt->input->free != NULL) {
|
||||
ctxt->input->free((xmlChar *) ctxt->input->base);
|
||||
ctxt->input->free = NULL;
|
||||
}
|
||||
if (ctxt->input->buf != NULL) {
|
||||
xmlFreeParserInputBuffer(ctxt->input->buf);
|
||||
ctxt->input->buf = NULL;
|
||||
}
|
||||
ctxt->input->cur = BAD_CAST"";
|
||||
ctxt->input->length = 0;
|
||||
ctxt->input->base = ctxt->input->cur;
|
||||
ctxt->input->end = ctxt->input->cur;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* xmlStopParser:
|
||||
* @ctxt: an XML parser context
|
||||
|
||||
@ -258,6 +258,41 @@ void check_buffer(xmlParserInputPtr in) {
|
||||
#endif
|
||||
|
||||
|
||||
/**
|
||||
* xmlHaltParser:
|
||||
* @ctxt: an XML parser context
|
||||
*
|
||||
* Blocks further parser processing don't override error
|
||||
* for internal use
|
||||
*/
|
||||
void
|
||||
xmlHaltParser(xmlParserCtxtPtr ctxt) {
|
||||
if (ctxt == NULL)
|
||||
return;
|
||||
ctxt->instate = XML_PARSER_EOF;
|
||||
ctxt->disableSAX = 1;
|
||||
while (ctxt->inputNr > 1)
|
||||
xmlFreeInputStream(inputPop(ctxt));
|
||||
if (ctxt->input != NULL) {
|
||||
/*
|
||||
* in case there was a specific allocation deallocate before
|
||||
* overriding base
|
||||
*/
|
||||
if (ctxt->input->free != NULL) {
|
||||
ctxt->input->free((xmlChar *) ctxt->input->base);
|
||||
ctxt->input->free = NULL;
|
||||
}
|
||||
if (ctxt->input->buf != NULL) {
|
||||
xmlFreeParserInputBuffer(ctxt->input->buf);
|
||||
ctxt->input->buf = NULL;
|
||||
}
|
||||
ctxt->input->cur = BAD_CAST"";
|
||||
ctxt->input->length = 0;
|
||||
ctxt->input->base = ctxt->input->cur;
|
||||
ctxt->input->end = ctxt->input->cur;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* xmlParserInputRead:
|
||||
* @in: an XML parser input
|
||||
@ -293,8 +328,8 @@ xmlParserGrow(xmlParserCtxtPtr ctxt) {
|
||||
if (((curEnd > XML_MAX_LOOKUP_LIMIT) ||
|
||||
(curBase > XML_MAX_LOOKUP_LIMIT)) &&
|
||||
((ctxt->options & XML_PARSE_HUGE) == 0)) {
|
||||
xmlHaltParser(ctxt);
|
||||
xmlErrInternal(ctxt, "Huge input lookup", NULL);
|
||||
ctxt->instate = XML_PARSER_EOF;
|
||||
return(-1);
|
||||
}
|
||||
|
||||
@ -305,9 +340,7 @@ xmlParserGrow(xmlParserCtxtPtr ctxt) {
|
||||
|
||||
in->base = xmlBufContent(buf->buffer);
|
||||
if (in->base == NULL) {
|
||||
in->base = BAD_CAST "";
|
||||
in->cur = in->base;
|
||||
in->end = in->base;
|
||||
xmlHaltParser(ctxt);
|
||||
xmlErrMemory(ctxt, NULL);
|
||||
return(-1);
|
||||
}
|
||||
@ -316,8 +349,8 @@ xmlParserGrow(xmlParserCtxtPtr ctxt) {
|
||||
|
||||
/* TODO: Get error code from xmlParserInputBufferGrow */
|
||||
if (ret < 0) {
|
||||
xmlHaltParser(ctxt);
|
||||
xmlErrInternal(ctxt, "Growing input buffer", NULL);
|
||||
ctxt->instate = XML_PARSER_EOF;
|
||||
}
|
||||
|
||||
return(ret);
|
||||
@ -419,9 +452,7 @@ xmlParserShrink(xmlParserCtxtPtr ctxt) {
|
||||
|
||||
in->base = xmlBufContent(buf->buffer);
|
||||
if (in->base == NULL) {
|
||||
in->base = BAD_CAST "";
|
||||
in->cur = in->base;
|
||||
in->end = in->base;
|
||||
xmlHaltParser(ctxt);
|
||||
xmlErrMemory(ctxt, NULL);
|
||||
return(-1);
|
||||
}
|
||||
@ -430,8 +461,8 @@ xmlParserShrink(xmlParserCtxtPtr ctxt) {
|
||||
|
||||
/* TODO: Get error code from xmlParserInputBufferGrow */
|
||||
if (ret < 0) {
|
||||
xmlHaltParser(ctxt);
|
||||
xmlErrInternal(ctxt, "Growing input buffer", NULL);
|
||||
ctxt->instate = XML_PARSER_EOF;
|
||||
}
|
||||
|
||||
return(ret);
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user