Commit d3ec6060 authored by Nick Wellnhofer's avatar Nick Wellnhofer
Browse files

Optional operation limit

Useful to avoid timeouts when fuzzing.
parent c75b811d
......@@ -2411,6 +2411,17 @@ xsltApplySequenceConstructor(xsltTransformContextPtr ctxt,
*/
cur = list;
while (cur != NULL) {
if (ctxt->opLimit != 0) {
if (ctxt->opCount >= ctxt->opLimit) {
xsltTransformError(ctxt, NULL, cur,
"xsltApplySequenceConstructor: "
"Operation limit exceeded\n");
ctxt->state = XSLT_STATE_STOPPED;
goto error;
}
ctxt->opCount += 1;
}
ctxt->inst = cur;
#ifdef WITH_DEBUGGER
......
......@@ -1780,6 +1780,8 @@ struct _xsltTransformContext {
int depth; /* Needed to catch recursions */
int maxTemplateDepth;
int maxTemplateVars;
unsigned long opLimit;
unsigned long opCount;
};
/**
......
......@@ -124,6 +124,7 @@ LLVMFuzzerTestOneInput(const char *data, size_t size) {
ctxt = xsltNewTransformContext(sheet, doc);
xsltSetCtxtSecurityPrefs(sec, ctxt);
ctxt->maxTemplateDepth = 100;
ctxt->opLimit = 200000;
xsltSetXPathResourceLimits(ctxt->xpathCtxt);
ctxt->xpathCtxt->opCount = sheet->xpathCtxt->opCount;
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment