authorcorvid <devnull@localhost>2015-04-01 23:40:37 +0000
committercorvid <devnull@localhost>2015-04-01 23:40:37 +0000
commitb5399229a859f0f8009890eb9837b1d5ee6635d3 (patch)
treef5bd4680f6984a685cd48fd433a0a02947bba2a8
parentdc174f99255ac28ea8e1cd7e7c550296a0f4e132 (diff)
limit size when copying strings to find character references
https://github.com/torvalds/linux/pull/17 has a five-megabyte title attribute, which is just a bit excessive. Since it has tons of &lt; and &gt;, dillo couldn't cope with it. Over five minutes to parse as much of it as it got before the connection broke. With this change, it's about fifty seconds (on this old computer) to get/show the full 24 megs, which is an improvement, at least.
-rw-r--r--src/html.cc8
1 files changed, 8 insertions, 0 deletions
diff --git a/src/html.cc b/src/html.cc
index 53be82c3..1344c69c 100644
--- a/src/html.cc
+++ b/src/html.cc
@@ -995,6 +995,14 @@ static const char *Html_parse_entity(DilloHtml *html, const char *token,
const char *ret = NULL;
char *tok;
+ if (toksize > 50) {
+ /* In pathological cases, attributes can be megabytes long and filled
+ * with character references. As of HTML5, the longest defined character
+ * reference is about 32 bytes long.
+ */
+ toksize = 50;
+ }
+
token++;
tok = dStrndup(token, (uint_t)toksize);
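Review bot: The new clamp bounds `toksize` only from above, so a negative value would still reach `dStrndup(token, (uint_t)toksize)` two lines later, where the cast turns it into a very large length. Whether any caller can pass a negative size is not visible here, as the body of Html_parse_entity starts and ends outside the hunk. If that cannot be ruled out, a lower-bound guard such as `if (toksize < 0) toksize = 0;` next to the new check would close the gap. Separately, the literal 50 appears twice and the comment only says the longest reference is "about 32 bytes"; a named constant, for example `#define MAX_CHARREF_LEN 50`, with a comment stating that it is the longest defined reference plus margin, would keep the limit and its rationale in one place.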