44 lines
1.2 KiB
Diff
44 lines
1.2 KiB
Diff
From 804c52978fef3f18b8a634280bc5cc79a390c141 Mon Sep 17 00:00:00 2001
|
|
From: Nick Wellnhofer <wellnhofer@aevum.de>
|
|
Date: Mon, 17 Aug 2020 03:37:18 +0200
|
|
Subject: [PATCH] Stop using maxParserDepth in xpath.c
|
|
|
|
Only use a single maxDepth value.
|
|
|
|
Conflict:delete contents of fuzz/xpath.c
|
|
---
|
|
xpath.c | 9 ++++++---
|
|
1 file changed, 6 insertions(+), 3 deletions(-)
|
|
|
|
diff --git a/xpath.c b/xpath.c
|
|
index 673482a..c018d03 100644
|
|
--- a/xpath.c
|
|
+++ b/xpath.c
|
|
@@ -6119,7 +6119,6 @@ xmlXPathNewContext(xmlDocPtr doc) {
|
|
ret->proximityPosition = -1;
|
|
|
|
ret->maxDepth = INT_MAX;
|
|
- ret->maxParserDepth = INT_MAX;
|
|
|
|
#ifdef XP_DEFAULT_CACHE_ON
|
|
if (xmlXPathContextSetCache(ret, 1, -1, 0) == -1) {
|
|
@@ -10948,9 +10947,13 @@ xmlXPathCompileExpr(xmlXPathParserContextPtr ctxt, int sort) {
|
|
xmlXPathContextPtr xpctxt = ctxt->context;
|
|
|
|
if (xpctxt != NULL) {
|
|
- if (xpctxt->depth >= xpctxt->maxParserDepth)
|
|
+ if (xpctxt->depth >= xpctxt->maxDepth)
|
|
XP_ERROR(XPATH_RECURSION_LIMIT_EXCEEDED);
|
|
- xpctxt->depth += 1;
|
|
+ /*
|
|
+ * Parsing a single '(' pushes about 10 functions on the call stack
|
|
+ * before recursing!
|
|
+ */
|
|
+ xpctxt->depth += 10;
|
|
}
|
|
|
|
xmlXPathCompAndExpr(ctxt);
|
|
--
|
|
1.8.3.1
|
|
|