diff options
| author | wolfbeast <mcwerewolf@gmail.com> | 2017-06-15 16:38:41 +0200 |
|---|---|---|
| committer | wolfbeast <mcwerewolf@gmail.com> | 2018-02-02 18:55:59 +0100 |
| commit | 109fb616f0e52122ffa619bba9d628bbbeb503fb (patch) | |
| tree | abb0f1adb136850fd5e94b3cb0cfd2f05fc911c9 /parser/htmlparser/nsExpatDriver.h | |
| parent | a164a1ab763fc9bd1aa603308fbdac184b9f7100 (diff) | |
| download | uxp-109fb616f0e52122ffa619bba9d628bbbeb503fb.tar.gz | |
Restrict XML file recursion depth to 200.
This resolves #2.
Diffstat (limited to 'parser/htmlparser/nsExpatDriver.h')
| -rw-r--r-- | parser/htmlparser/nsExpatDriver.h | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/parser/htmlparser/nsExpatDriver.h b/parser/htmlparser/nsExpatDriver.h index 1bf022adee..0d62bd09da 100644 --- a/parser/htmlparser/nsExpatDriver.h +++ b/parser/htmlparser/nsExpatDriver.h @@ -16,6 +16,9 @@ #include "nsIParser.h" #include "nsCycleCollectionParticipant.h" +// Tree depth limit for XML-based files (xml/svg/etc.) +#define MAX_XML_TREE_DEPTH 200 + class nsIExpatSink; class nsIExtendedExpatSink; struct nsCatalogData; @@ -37,7 +40,7 @@ public: const char16_t *aBase, const char16_t *aSystemId, const char16_t *aPublicId); - nsresult HandleStartElement(const char16_t *aName, const char16_t **aAtts); + void HandleStartElement(const char16_t *aName, const char16_t **aAtts); nsresult HandleEndElement(const char16_t *aName); nsresult HandleCharacterData(const char16_t *aCData, const uint32_t aLength); nsresult HandleComment(const char16_t *aName); @@ -119,6 +122,8 @@ private: // Whether we're sure that we won't be getting more buffers to parse from // Necko bool mIsFinalChunk; + + uint8_t mTagDepth; nsresult mInternalState; |