author | Nick Wellnhofer <wellnhofer@aevum.de> | 2020-06-28 15:54:23 +0200 |
---|---|---|
committer | Nick Wellnhofer <wellnhofer@aevum.de> | 2020-07-06 12:17:20 +0200 |
commit | 477c7f6affcb665305b333f92ce0a782325b4156 (patch) | |
tree | 174e42f2900b8072be4d25666a23a11de03875d0 /test | |
parent | f8329fdc234a43b858271acc75ea70881e35fcae (diff) | |
download | libxml2-477c7f6affcb665305b333f92ce0a782325b4156.tar.gz |
Fix quadratic runtime in HTML parser

Commit eeb99329 removed an important optimization avoiding quadratic
runtime when repeatedly scanning the input buffer for terminating
characters in the HTML push parser. The related bug is
https://bugzilla.gnome.org/show_bug.cgi?id=444994

Make sure that ctxt->checkIndex is always written and store additional
parser state in ctxt->inSubset which is unused in the HTML parser.

Found by OSS-Fuzz.
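
A toy model of the cost the commit message describes, added here as an illustration and not taken from libxml2: a push parser that rescans its whole buffer for a terminator after every chunk, compared with one that resumes from a saved offset. The names `toy_parser`, `toy_push`, `toy_cost` and the field `check_index` (standing in for the role the message gives `ctxt->checkIndex`) are hypothetical, and the input is constructed filler.

```c
#include <stdio.h>
#include <string.h>

/* Toy push-parser state; not libxml2 code. */
typedef struct {
    char buf[8192];
    size_t len;
    size_t check_index;   /* bytes already known to hold no terminator */
    size_t examined;      /* total bytes inspected, to measure the cost */
} toy_parser;

/* Append a chunk, then look for the terminator; returns its offset or -1.
 * remember == 0: every call rescans from offset 0 (quadratic overall).
 * remember != 0: the scan resumes where the previous one stopped. */
static long toy_push(toy_parser *p, const char *chunk, size_t n,
                     char term, int remember)
{
    if (n > sizeof(p->buf) - p->len)
        return -1;                    /* fixed demo buffer is full */
    memcpy(p->buf + p->len, chunk, n);
    p->len += n;
    for (size_t i = remember ? p->check_index : 0; i < p->len; i++) {
        p->examined++;
        if (p->buf[i] == term) {
            p->check_index = 0;       /* reset for the next construct */
            return (long)i;
        }
    }
    p->check_index = p->len;          /* always record progress on a miss */
    return -1;
}

/* Feed `total` filler bytes in `chunk`-sized pieces, then one '>'.
 * Returns how many bytes were examined in total. */
static size_t toy_cost(size_t total, size_t chunk, int remember)
{
    static toy_parser p;
    char filler[64];
    if (chunk == 0 || chunk > sizeof filler)
        return 0;
    memset(&p, 0, sizeof p);
    memset(filler, 'x', sizeof filler);   /* constructed input */
    for (size_t fed = 0; fed < total; fed += chunk)
        toy_push(&p, filler, chunk, '>', remember);
    toy_push(&p, ">", 1, '>', remember);
    return p.examined;
}

int main(void)
{
    printf("rescan: %zu\n", toy_cost(4096, 4, 0));
    printf("resume: %zu\n", toy_cost(4096, 4, 1));
    return 0;
}
```

If the miss path ever skips the `check_index` update, the resume variant silently degrades to the rescan cost, which is why the saved offset has to be written on every return.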
Diffstat (limited to 'test')
-rw-r--r-- | test/HTML/chunked_attr.html | 53 |
1 files changed, 53 insertions, 0 deletions
diff --git a/test/HTML/chunked_attr.html b/test/HTML/chunked_attr.html new file mode 100644 index 00000000..84d81796 --- /dev/null +++ b/test/HTML/chunked_attr.html 
@@ -0,0 +1,53 @@ +<html> +<!-- +This tests internal state tracking of the push parser and assumes a chunk +size of 4096 (or a divisor of 4096) and an initial chunk of size 4. +Make sure that the first '<' in the attribute value ends up near +offset 4100. +--> +<body> +<p> +Filler bytes follow: + + 100 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 + 200 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 + 300 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 + 400 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 + 500 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 + 600 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 + 700 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 + 800 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 + 900 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 + 1000 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 + 100 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 + 200 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 + 300 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 + 400 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 + 500 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 + 600 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 + 700 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 + 800 123456789 123456789 123456789 123456789 123456789 123456789 
123456789 123456789 123456789 + 900 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 + 2000 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 + 100 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 + 200 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 + 300 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 + 400 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 + 500 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 + 600 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 + 700 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 + 800 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 +xxx +</p> +<div + fill1="123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 
123456789" + onmouseover="x<b>text</b>x" + fill2="123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789" + fill3="123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 
123456789 123456789 123456789 123456789" + fill4="123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789" + fill5="123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 
123456789 123456789 123456789 123456789" + fill6="123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789" +> +</div> +</body> +</html> |
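
Review bot: The header comment of test/HTML/chunked_attr.html makes the test depend on a chunk size of 4096, an initial chunk of 4 and the first '<' of the onmouseover value landing "near offset 4100", but nothing in the file pins that position down. Any later edit to the filler lines, or a line-ending conversion on checkout, shifts the offset, and the file could then stop exercising the chunk boundary without anyone noticing. Suggest recording in the comment the exact byte offset the '<' currently sits at and which side of the boundary it has to fall on, and stating that the filler must not be reflowed or re-encoded.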