diff options
| author | Russ Cox <rsc@golang.org> | 2022-10-31 15:42:13 -0400 |
|---|---|---|
| committer | Gopher Robot <gobot@golang.org> | 2022-10-31 20:35:56 +0000 |
| commit | 6695cebeec02c62bd440eec8e982028225984dfb (patch) | |
| tree | 4c32a6dc31ae21f4e3786e6cc3f6c97d5db08cf4 /src/encoding/xml | |
| parent | 4b993bffb83394105d13b426dae12afe0ab05804 (diff) | |
| download | go-6695cebeec02c62bd440eec8e982028225984dfb.tar.xz | |
encoding/xml: reduce depth limit on wasm
Wasm can't handle the recusion for XML nested to depth 10,000.
Cut it off at 5,000 instead. This fixes TestCVE202228131 on trybots
in certain conditions.
Also disable TestCVE202230633 to fix 'go test -v encoding/xml' on gomotes.
Also rename errExeceededMaxUnmarshalDepth [misspelled and unwieldy]
to errUnmarshalDepth.
For #56498.
Change-Id: I7cc337ccfee251bfd9771497be0e5272737114f9
Reviewed-on: https://go-review.googlesource.com/c/go/+/446639
Auto-Submit: Russ Cox <rsc@golang.org>
Reviewed-by: Cherry Mui <cherryyz@google.com>
Reviewed-by: Bryan Mills <bcmills@google.com>
Run-TryBot: Russ Cox <rsc@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
Diffstat (limited to 'src/encoding/xml')
| -rw-r--r-- | src/encoding/xml/read.go | 12 | ||||
| -rw-r--r-- | src/encoding/xml/read_test.go | 7 |
2 files changed, 12 insertions, 7 deletions
diff --git a/src/encoding/xml/read.go b/src/encoding/xml/read.go index a6fb665458..c2f495581a 100644 --- a/src/encoding/xml/read.go +++ b/src/encoding/xml/read.go @@ -10,6 +10,7 @@ import ( "errors" "fmt" "reflect" + "runtime" "strconv" "strings" ) @@ -308,14 +309,17 @@ var ( textUnmarshalerType = reflect.TypeOf((*encoding.TextUnmarshaler)(nil)).Elem() ) -const maxUnmarshalDepth = 10000 +const ( + maxUnmarshalDepth = 10000 + maxUnmarshalDepthWasm = 5000 // go.dev/issue/56498 +) -var errExeceededMaxUnmarshalDepth = errors.New("exceeded max depth") +var errUnmarshalDepth = errors.New("exceeded max depth") // Unmarshal a single XML element into val. func (d *Decoder) unmarshal(val reflect.Value, start *StartElement, depth int) error { - if depth >= maxUnmarshalDepth { - return errExeceededMaxUnmarshalDepth + if depth >= maxUnmarshalDepth || runtime.GOARCH == "wasm" && depth >= maxUnmarshalDepthWasm { + return errUnmarshalDepth } // Find start element if we need it. if start == nil { diff --git a/src/encoding/xml/read_test.go b/src/encoding/xml/read_test.go index 35385c6490..3e85fca5c6 100644 --- a/src/encoding/xml/read_test.go +++ b/src/encoding/xml/read_test.go @@ -9,6 +9,7 @@ import ( "errors" "io" "reflect" + "runtime" "strings" "testing" "time" @@ -1105,13 +1106,13 @@ func TestCVE202228131(t *testing.T) { err := Unmarshal(bytes.Repeat([]byte("<a>"), maxUnmarshalDepth+1), &n) if err == nil { t.Fatal("Unmarshal did not fail") - } else if !errors.Is(err, errExeceededMaxUnmarshalDepth) { - t.Fatalf("Unmarshal unexpected error: got %q, want %q", err, errExeceededMaxUnmarshalDepth) + } else if !errors.Is(err, errUnmarshalDepth) { + t.Fatalf("Unmarshal unexpected error: got %q, want %q", err, errUnmarshalDepth) } } func TestCVE202230633(t *testing.T) { - if testing.Short() { + if testing.Short() || runtime.GOARCH == "wasm" { t.Skip("test requires significant memory") } defer func() { |