From 6f28c4cd607d83ce381f9b4a9f8101ca1e79c611 Mon Sep 17 00:00:00 2001 From: jeanlf Date: Mon, 22 May 2023 17:35:19 +0200 Subject: [PATCH] fixed #2473 --- src/utils/xml_parser.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/src/utils/xml_parser.c b/src/utils/xml_parser.c index b1b1491529..49df338164 100644 --- a/src/utils/xml_parser.c +++ b/src/utils/xml_parser.c @@ -191,6 +191,7 @@ struct _tag_sax_parser GF_XMLAttribute *attrs; GF_XMLSaxAttribute *sax_attrs; u32 nb_attrs, nb_alloc_attrs; + u32 ent_rec_level; }; static GF_XMLSaxAttribute *xml_get_sax_attribute(GF_SAXParser *parser) @@ -902,7 +903,14 @@ static GF_Err xml_sax_parse(GF_SAXParser *parser, Bool force_parse) parser->line_size = 0; parser->elt_start_pos = 0; parser->sax_state = SAX_STATE_TEXT_CONTENT; - e = gf_xml_sax_parse_intern(parser, orig_buf); + parser->ent_rec_level++; + if (parser->ent_rec_level>100) { + GF_LOG(GF_LOG_WARNING, GF_LOG_CORE, ("[XML] Too many recursions in entity solving, max 100 allowed\n")); + e = GF_NOT_SUPPORTED; + } else { + e = gf_xml_sax_parse_intern(parser, orig_buf); + parser->ent_rec_level--; + } gf_free(orig_buf); return e; } @@ -1075,8 +1083,9 @@ static GF_Err gf_xml_sax_parse_intern(GF_SAXParser *parser, char *current) /*append entity*/ line_num = parser->line; xml_sax_append_string(parser, ent->value); - xml_sax_parse(parser, GF_TRUE); + GF_Err e = xml_sax_parse(parser, GF_TRUE); parser->line = line_num; + if (e) return e; } xml_sax_append_string(parser, current);