Gamebuster19901 commented on a change in pull request #644:
URL: https://github.com/apache/logging-log4j2/pull/644#discussion_r775165870



##########
File path: 
log4j-core/src/main/java/org/apache/logging/log4j/core/lookup/StrSubstitutor.java
##########
@@ -986,12 +986,20 @@ protected boolean substitute(final LogEvent event, final 
StringBuilder buf, fina
      * @param buf  the string builder to substitute into, not null
      * @param offset  the start offset within the builder, must be valid
      * @param length  the length within the builder to be processed, must be 
valid
+     * @param recursionDepth the current recursion depth, strings exceeding 10 
recursions
+     *  will not be fully interpolated, and will cause an error to be logged.
      * @param priorVariables  the stack keeping track of the replaced 
variables, may be null
      * @return the length change that occurs, unless priorVariables is null 
when the int
      *  represents a boolean flag as to whether any change occurred.
      */
     private int substitute(final LogEvent event, final StringBuilder buf, 
final int offset, final int length,
-                           List<String> priorVariables) {
+                           final int recursionDepth, List<String> 
priorVariables) {
+        int maxRecursionDepth = 10;
+        if (recursionDepth >= maxRecursionDepth) {
+            StatusLogger.getLogger().error("Property interpolation exceeded 
recursion depth of {}. Replacement failed on '{}'",
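Review bot: `int maxRecursionDepth = 10;` at the top of the private `substitute` is a per-call local, while the new `@param recursionDepth` Javadoc hard-codes the same 10 separately. Hoist the limit into a `private static final int` constant and reference it from the Javadoc so the two cannot drift apart. The Javadoc also says strings "exceeding 10 recursions" are not fully interpolated, but the guard is `recursionDepth >= maxRecursionDepth`, which fires as soon as the depth reaches 10. Whether that matches depends on the starting value callers pass, which is not visible in this hunk, so either the wording or the comparison should be aligned.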

Review comment:
       Won't this still cause a StackOverflowError? The bad string is passed in 
as a parameter into StatusLogger.




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
