KotJohansson/UXP
1
0
Fork 0
mirror of https://github.com/roytam1/UXP.git synced 2026-05-26 14:54:25 +00:00
Code Issues Projects Releases Wiki Activity

Restrict XML file recursion depth to 200.

Browse Source 
This resolves #2.
This commit is contained in:
wolfbeast
2017-06-15 16:38:41 +02:00
committed by Roy Tam
parent 30d5f081aa
commit 141ff75e6a
2 changed files with 17 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files
parser/htmlparser/nsExpatDriver.cpp
+11 -3
View File
@@ -338,6 +338,9 @@ NS_IMPL_CYCLE_COLLECTING_RELEASE(nsExpatDriver)
NS_IMPL_CYCLE_COLLECTION(nsExpatDriver, mSink, mExtendedSink)
// We store the tagdepth in a Uint8, so make sure the limit fits in a Uint8.
PR_STATIC_ASSERT(MAX_XML_TREE_DEPTH <= UINT8_MAX);
nsExpatDriver::nsExpatDriver()
: mExpatParser(nullptr),
mInCData(false),
@@ -345,6 +348,7 @@ nsExpatDriver::nsExpatDriver()
mInExternalDTD(false),
mMadeFinalCallToExpat(false),
mIsFinalChunk(false),
mTagDepth(0),
mInternalState(NS_OK),
mExpatBuffered(0),
mCatalogData(nullptr),
@@ -359,7 +363,7 @@ nsExpatDriver::~nsExpatDriver()
}
}
nsresult
void
nsExpatDriver::HandleStartElement(const char16_t *aValue,
const char16_t **aAtts)
{
@@ -377,13 +381,16 @@ nsExpatDriver::HandleStartElement(const char16_t *aValue,
}
if (mSink) {
if (++mTagDepth == MAX_XML_TREE_DEPTH) {
MaybeStopParser(NS_ERROR_HTMLPARSER_HIERARCHYTOODEEP);
return;
}
nsresult rv = mSink->
HandleStartElement(aValue, aAtts, attrArrayLength,
XML_GetCurrentLineNumber(mExpatParser));
MaybeStopParser(rv);
}
return NS_OK;
}
nsresult
@@ -395,6 +402,7 @@ nsExpatDriver::HandleEndElement(const char16_t *aValue)
if (mSink && mInternalState != NS_ERROR_HTMLPARSER_STOPPARSING) {
nsresult rv = mSink->HandleEndElement(aValue);
--mTagDepth;
MaybeStopParser(rv);
}