1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
| Index: parser.c
| ===================================================================
| --- parser.c (revision 3773)
| +++ parser.c (working copy)
| @@ -2505,6 +2505,11 @@ xmlStringLenDecodeEntities(xmlParserCtxt
| c = CUR_SCHAR(str, l);
| else
| c = 0;
| + if ((nbchars > 500000) &&
| + (ctxt->instate == XML_PARSER_ATTRIBUTE_VALUE)) {
| + xmlFatalErr(ctxt, XML_ERR_ENTITY_LOOP, NULL);
| + goto int_error;
| + }
| }
| buffer[nbchars++] = 0;
| return(buffer);
|
|
