diff options
author | Nick Wellnhofer <wellnhofer@aevum.de> | 2022-12-23 21:55:38 +0100 |
---|---|---|
committer | Nick Wellnhofer <wellnhofer@aevum.de> | 2022-12-23 22:11:18 +0100 |
commit | bc18f4a67cf4a62df3724b62c23f63c08407a255 (patch) | |
tree | 2f49070f73a51534c332a42949cf3a3591146e75 /parser.c | |
parent | dd62e541ecd142ebfb16cb7abe3d3ef4ee6617bd (diff) | |
download | libxml2-bc18f4a67cf4a62df3724b62c23f63c08407a255.tar.gz |
parser: Lower entity nesting limit with XML_PARSE_HUGE
The old limit of 1024 could lead to excessively deep call stacks. This
could probably be set much lower without causing issues.
Diffstat (limited to 'parser.c')
-rw-r--r-- | parser.c | 8 |
1 files changed, 4 insertions, 4 deletions
@@ -2270,7 +2270,7 @@ xmlPushInput(xmlParserCtxtPtr ctxt, xmlParserInputPtr input) { "Pushing input %d : %.30s\n", ctxt->inputNr+1, input->cur); } if (((ctxt->inputNr > 40) && ((ctxt->options & XML_PARSE_HUGE) == 0)) || - (ctxt->inputNr > 1024)) { + (ctxt->inputNr > 100)) { xmlFatalErr(ctxt, XML_ERR_ENTITY_LOOP, NULL); while (ctxt->inputNr > 1) xmlFreeInputStream(inputPop(ctxt)); @@ -2625,7 +2625,7 @@ xmlStringDecodeEntitiesInt(xmlParserCtxtPtr ctxt, const xmlChar *str, int len, if (((ctxt->depth > 40) && ((ctxt->options & XML_PARSE_HUGE) == 0)) || - (ctxt->depth > 1024)) { + (ctxt->depth > 100)) { xmlFatalErrMsg(ctxt, XML_ERR_ENTITY_LOOP, "Maximum entity nesting depth exceeded"); return(NULL); @@ -12818,7 +12818,7 @@ xmlParseExternalEntityPrivate(xmlDocPtr doc, xmlParserCtxtPtr oldctxt, if (((depth > 40) && ((oldctxt == NULL) || (oldctxt->options & XML_PARSE_HUGE) == 0)) || - (depth > 1024)) { + (depth > 100)) { xmlFatalErrMsg(oldctxt, XML_ERR_ENTITY_LOOP, "Maximum entity nesting depth exceeded"); return(XML_ERR_ENTITY_LOOP); @@ -13108,7 +13108,7 @@ xmlParseBalancedChunkMemoryInternal(xmlParserCtxtPtr oldctxt, #endif if (((oldctxt->depth > 40) && ((oldctxt->options & XML_PARSE_HUGE) == 0)) || - (oldctxt->depth > 1024)) { + (oldctxt->depth > 100)) { xmlFatalErrMsg(oldctxt, XML_ERR_ENTITY_LOOP, "Maximum entity nesting depth exceeded"); return(XML_ERR_ENTITY_LOOP); |