Limit regexp nesting depth

Enforce a maximum nesting depth of 50 for regular expressions. Avoids
stack overflows with deeply nested regexes.

Found by OSS-Fuzz.
Nick Wellnhofer 2020-07-06 15:22:12 +02:00
parent 1e41e4fa8e
commit fc842f6eba


@ -273,6 +273,8 @@ struct _xmlAutomata {
int determinist;
int negs;
int flags;
int depth;
};
struct _xmlRegexp {
@ -5330,6 +5332,10 @@ xmlFAParseAtom(xmlRegParserCtxtPtr ctxt) {
xmlRegStatePtr start, oldend, start0;
NEXT;
if (ctxt->depth >= 50) {
ERROR("xmlFAParseAtom: maximum nesting depth exceeded");
return(-1);
}
/*
* this extra Epsilon transition is needed if we count with 0 allowed
* unfortunately this can't be known at that point
@ -5341,7 +5347,9 @@ xmlFAParseAtom(xmlRegParserCtxtPtr ctxt) {
oldend = ctxt->end;
ctxt->end = NULL;
ctxt->atom = NULL;
ctxt->depth++;
xmlFAParseRegExp(ctxt, 0);
ctxt->depth--;
if (CUR == ')') {
NEXT;
} else {
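Review bot: The nesting limit is a bare `50` in the new check in xmlFAParseAtom, and the `depth` field added to struct _xmlAutomata has no comment saying what it counts. A named constant near the struct, for example `#define XML_REGEXP_MAX_DEPTH 50` (the name is only a suggestion) used as `if (ctxt->depth >= XML_REGEXP_MAX_DEPTH)`, would give the limit one documented place, and the field could carry `/* current nesting depth of parenthesised sub-expressions */`. The guard protects against stack exhaustion only if `depth` starts at 0 and the `-1` return stops the callers from recursing further; neither the context initialisation nor the callers are visible in these hunks, so both are worth confirming. xmlFAParseAtom begins before and continues past the lines shown.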