Skip to content

Commit 6f28c4c

Browse files
committed
fixed #2473
1 parent 1e5ad5b commit 6f28c4c

File tree

1 file changed

+11
-2
lines changed

1 file changed

+11
-2
lines changed

Diff for: src/utils/xml_parser.c

+11-2
Original file line numberDiff line numberDiff line change
@@ -191,6 +191,7 @@ struct _tag_sax_parser
191191
GF_XMLAttribute *attrs;
192192
GF_XMLSaxAttribute *sax_attrs;
193193
u32 nb_attrs, nb_alloc_attrs;
194+
u32 ent_rec_level;
194195
};
195196

196197
static GF_XMLSaxAttribute *xml_get_sax_attribute(GF_SAXParser *parser)
@@ -902,7 +903,14 @@ static GF_Err xml_sax_parse(GF_SAXParser *parser, Bool force_parse)
902903
parser->line_size = 0;
903904
parser->elt_start_pos = 0;
904905
parser->sax_state = SAX_STATE_TEXT_CONTENT;
905-
e = gf_xml_sax_parse_intern(parser, orig_buf);
906+
parser->ent_rec_level++;
907+
if (parser->ent_rec_level>100) {
908+
GF_LOG(GF_LOG_WARNING, GF_LOG_CORE, ("[XML] Too many recursions in entity solving, max 100 allowed\n"));
909+
e = GF_NOT_SUPPORTED;
910+
} else {
911+
e = gf_xml_sax_parse_intern(parser, orig_buf);
912+
parser->ent_rec_level--;
913+
}
906914
gf_free(orig_buf);
907915
return e;
908916
}
@@ -1075,8 +1083,9 @@ static GF_Err gf_xml_sax_parse_intern(GF_SAXParser *parser, char *current)
10751083
/*append entity*/
10761084
line_num = parser->line;
10771085
xml_sax_append_string(parser, ent->value);
1078-
xml_sax_parse(parser, GF_TRUE);
1086+
GF_Err e = xml_sax_parse(parser, GF_TRUE);
10791087
parser->line = line_num;
1088+
if (e) return e;
10801089

10811090
}
10821091
xml_sax_append_string(parser, current);

0 commit comments

Comments
 (0)