authorcorvid <devnull@localhost>2015-04-01 23:40:37 +0000
committercorvid <devnull@localhost>2015-04-01 23:40:37 +0000
commitb5399229a859f0f8009890eb9837b1d5ee6635d3 (patch)
treef5bd4680f6984a685cd48fd433a0a02947bba2a8 /src/html.cc
parentdc174f99255ac28ea8e1cd7e7c550296a0f4e132 (diff)
limit size when copying strings to find character references
https://github.com/torvalds/linux/pull/17 has a five-megabyte title attribute, which is just a bit excessive. Since it has tons of &lt; and &gt;, dillo couldn't cope with it. Over five minutes to parse as much of it as it got before the connection broke. With this change, it's about fifty seconds (on this old computer) to get/show the full 24 megs, which is an improvement, at least.
Diffstat (limited to 'src/html.cc')
-rw-r--r--src/html.cc8
1 files changed, 8 insertions, 0 deletions
diff --git a/src/html.cc b/src/html.cc
index 53be82c3..1344c69c 100644
--- a/src/html.cc
+++ b/src/html.cc
@@ -995,6 +995,14 @@ static const char *Html_parse_entity(DilloHtml *html, const char *token,
const char *ret = NULL;
char *tok;
+ if (toksize > 50) {
+ /* In pathological cases, attributes can be megabytes long and filled
+ * with character references. As of HTML5, the longest defined character
+ * reference is about 32 bytes long.
+ */
+ toksize = 50;
+ }
+
token++;
tok = dStrndup(token, (uint_t)toksize);
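Review bot: The cap in `if (toksize > 50)` is justified in the comment only by named character references, but a numeric reference may carry any number of leading zeros, so one longer than 50 bytes would be cut before its `;` once the copy is bounded. Whether such a reference then falls through as plain text depends on the parsing after `dStrndup`, which lies outside this hunk. I would state that in the comment, e.g. `* Numeric references padded past this limit are deliberately not recognised.`, and give the limit a name so the test and the assignment stay in step, e.g. `#define CHARREF_MAX_LEN 50` (the name is only a suggestion). The check also bounds only the upper side: `toksize` is still cast to `uint_t` on the `dStrndup` line, so if it is a signed type and a caller can ever pass a non-positive value, the copy length is not limited by this change, which is worth confirming against the callers.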