Skip to content

Commit

Permalink
Fix infinity loop in skip when parsing malformed XML
Browse files Browse the repository at this point in the history 
Co-authored-by: Daniel Alley <dalley@redhat.com>
  • Loading branch information
@Mingun @dralley
Mingun and dralley committed Dec 26, 2022
1 parent f63910d commit 85eeb2e
Show file tree
Hide file tree
Showing 2 changed files with 27 additions and 2 deletions.
5 changes: 5 additions & 0 deletions Changelog.md
View file
Expand Up @@ -14,8 +14,13 @@

### Bug Fixes

- [#530]: Fix an infinite loop leading to unbounded memory consumption that occurs when
skipping events on malformed XML with the `overlapped-lists` feature active.

### Misc Changes

[#530]: https://github.com/tafia/quick-xml/pull/530

## 0.27.0 -- 2022-12-25

### New Features
Expand Down
24 changes: 22 additions & 2 deletions src/de/mod.rs
View file
Expand Up @@ -2073,6 +2073,7 @@ where
/// should be replayed after calling [`Self::start_replay()`].
#[cfg(feature = "overlapped-lists")]
#[inline]
#[must_use = "returned checkpoint should be used in `start_replay`"]
fn skip_checkpoint(&self) -> usize {
self.write.len()
}
Expand Down Expand Up @@ -2100,16 +2101,21 @@ where
DeEvent::End(ref e) if e.name().as_ref() == end => {
self.skip_event(event)?;
if depth == 0 {
return Ok(());
break;
}
depth -= 1;
}
DeEvent::Eof => {
self.skip_event(event)?;
break;
}
_ => self.skip_event(event)?,
}
}
}
_ => Ok(()),
_ => (),
}
Ok(())
}

#[cfg(feature = "overlapped-lists")]
Expand Down Expand Up @@ -3057,6 +3063,20 @@ mod tests {
e => panic!("Expected `Err(TooManyEvents(3))`, but found {:?}", e),
}
}

/// Without handling Eof in `skip` this test failed with memory allocation
#[test]
fn invalid_xml() {
use crate::de::DeEvent::*;

let mut de = Deserializer::from_str("<root>");

// Cache all events
let checkpoint = de.skip_checkpoint();
de.skip().unwrap();
de.start_replay(checkpoint);
assert_eq!(de.read, vec![Start(BytesStart::new("root")), Eof]);
}
}

#[test]
Expand Down

0 comments on commit 85eeb2e

Please sign in to comment.