Fix possible C stack overflow with xml.decode

PlutoLang · Jan 18, 2025 · 70f1574 · 70f1574
1 parent 870d0a9
commit 70f1574
Show file tree

Hide file tree

Showing 4 changed files with 16 additions and 6 deletions.
diff --git a/src/lxml.cpp b/src/lxml.cpp
@@ -130,7 +130,13 @@ static int xml_decode (lua_State *L) {
   }
   size_t len;
   const char *data = luaL_checklstring(L, 1, &len);
-  auto root = soup::xml::parseAndDiscardMetadata(data, data + len, *mode);
+  soup::UniquePtr<soup::XmlTag> root;
+  try {
+    root = soup::xml::parseAndDiscardMetadata(data, data + len, *mode);
+  }
+  catch (const std::exception& e) {
+	luaL_error(L, e.what());
+  }
   pushxmltag(L, *root);
   return 1;
 }

diff --git a/src/vendor/Soup/soup/xml.cpp b/src/vendor/Soup/soup/xml.cpp
@@ -68,7 +68,7 @@ NAMESPACE_SOUP
 		auto i = begin;
 		do
 		{
-			if (auto node = parseImpl(i, end, mode))
+			if (auto node = parseImpl(i, end, mode, 1000))
 			{
 				res.emplace_back(std::move(node));
 			}
@@ -77,8 +77,10 @@ NAMESPACE_SOUP
 		return res;
 	}
 
-	UniquePtr<XmlNode> xml::parseImpl(const char*& i, const char* end, const XmlMode& mode)
+	UniquePtr<XmlNode> xml::parseImpl(const char*& i, const char* end, const XmlMode& mode, int max_depth)
 	{
+		SOUP_ASSERT(max_depth != 0, "Depth limit exceeded");
+
 		while (i != end && string::isSpace(*i))
 		{
 			++i;
@@ -393,11 +395,11 @@ NAMESPACE_SOUP
 					text.clear();
 				}
 #if DEBUG_PARSE
-				auto child = parseImpl(i, end, mode);
+				auto child = parseImpl(i, end, mode, max_depth - 1);
 				std::cout << "Recursed for " << child->encode() << std::endl;
 				tag->children.emplace_back(std::move(child));
 #else
-				tag->children.emplace_back(parseImpl(i, end, mode));
+				tag->children.emplace_back(parseImpl(i, end, mode, max_depth - 1));
 #endif
 				if (i == end)
 				{

diff --git a/src/vendor/Soup/soup/xml.hpp b/src/vendor/Soup/soup/xml.hpp
@@ -21,7 +21,7 @@ NAMESPACE_SOUP
 		[[nodiscard]] static std::vector<UniquePtr<XmlNode>> parse(const std::string& xml, const XmlMode& mode = MODE_XML);
 		[[nodiscard]] static std::vector<UniquePtr<XmlNode>> parse(const char* begin, const char* end, const XmlMode& mode = MODE_XML);
 	private:
-		[[nodiscard]] static UniquePtr<XmlNode> parseImpl(const char*& i, const char* end, const XmlMode& mode);
+		[[nodiscard]] static UniquePtr<XmlNode> parseImpl(const char*& i, const char* end, const XmlMode& mode, int max_depth);
 	};
 
 	struct XmlNode

diff --git a/testes/pluto/basic.pluto b/testes/pluto/basic.pluto
@@ -1618,6 +1618,8 @@ do
 
     -- Decode: No Lua stack overflow please
     assert(xml.decode("<p>":rep(99).."</p>":rep(99)))
+    -- No C stack overflows, either
+    assert(not pcall(|| -> xml.decode("<p>":rep(10000).."</p>":rep(10000))))
 
     -- Encode
     assert(xml.encode{