On Sun, Aug 24, 2008 at 10:15:41AM +0200, Mike Hommey wrote:
> On Wed, Aug 20, 2008 at 07:00:51PM +0200, Daniel Veillard wrote:
> > Bad news, when checking against recursive entities expansion problem
> > back when it was made official (c.f. the billion laught attack circa
> > 2004) I had checked for the normal recursion, but when happening in
> > an attribute avlue the resource consumption is way faster and the
> > recursion detection in place is not sufficient to catch the problem.
> >
> > Basically when this happen within an attribute just checking for
> > a recursion depth is not sufficient, and the only good method I could
> > find was to count the number of entities replacement taking place while
> > parsing a given document, and drop parsing after half a million
> > substitution. I think it's a fair default processand what the patches
> > below implements for various libxml2 versions, but i can understand that
> > in some case that may be problematic. So i intend in the next release
> > (2.7.0 hopefully available soon) to add a parser flag removing the
> > hardcoded limits (there is also a maximum document depth in place).
> >
> > Distributions have been made aware of the problem for a couple of
> > weeks and updates should be available soon from normal update channels
> > I'm updating SVN with the fix too,
>
> FWIW, this patch broke binary compatibility with librsvg, which,
> foolishly, create xmlEntity objects "by hand" with a
> malloc(sizeof(xmlEntity)), in rsvg_entity_decl, which is sets as SAX
> entity handler.
Yup:
http://bugzilla.gnome.org/show_bug.cgi?id=549087
https://bugzilla.redhat.com/show_bug.cgi?id=459830
I have some backward compatible patches on that last bug
> I hope there aren't any more surprises with other libraries or programs.
yeah, it's a serious problem, I made data structure available
to help with fast access to the trees, but people have abused it,
I hope there isn't too many of those.
I hope librsvg get fixed, because I would really prefer the clean
solution in the upcoming 2.7.0 release.
Daniel
--
Daniel Veillard | libxml Gnome XML XSLT toolkit http://xmlsoft.org/
[EMAIL PROTECTED] | Rpmfind RPM search engine http://rpmfind.net/
http://veillard.com/ | virtualization library http://libvirt.org/
_______________________________________________
xml mailing list, project page http://xmlsoft.org/
[email protected]
http://mail.gnome.org/mailman/listinfo/xml
