[Libreoffice-commits] core.git: sax/source

Miklos Vajna (via logerrit) logerrit at kemper.freedesktop.org
Tue Sep 29 07:06:41 UTC 2020 

 sax/source/fastparser/fastparser.cxx |    4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

New commits:
commit cd85546a2fbdade42f80fd3b6bd650791db9f32d
Author:     Miklos Vajna <vmiklos at collabora.com>
AuthorDate: Mon Sep 28 21:05:27 2020 +0200
Commit:     Miklos Vajna <vmiklos at collabora.com>
CommitDate: Tue Sep 29 09:06:07 2020 +0200

    tdf#136551 DOTX import: restore support for large XML attribute values
    
    Regression from commit 82d08580e368afbc9d73da3613845a36a89b0a8c (switch
    saxparser from expat to libxml2, 2014-11-14), expat used to allow huge
    XML attribute values, while libxml2 defaults to rejecting values larger
    than 10MB.
    
    This looks like a sane limit, but the bugdoc has some fallback VML
    markup where the actual graphic content of the shape is base64-encoded
    in an XML attribute value.
    
    libxml2 has an XML_PARSE_HUGE flag to lift this limit, so use that. If
    this was not a problem with expat, then it should be no problem with
    libxml2, either.
    
    [ No testcase, adding a 10MB test document to the repo is not preferred. ]
    
    Change-Id: Ifcd0ce52d3cb95bef36c58aa073bb59bc07490d6
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/103567
    Tested-by: Jenkins
    Reviewed-by: Miklos Vajna <vmiklos at collabora.com>

diff --git a/sax/source/fastparser/fastparser.cxx b/sax/source/fastparser/fastparser.cxx
index a10ccdbcae24..2b713b81576e 100644
--- a/sax/source/fastparser/fastparser.cxx
+++ b/sax/source/fastparser/fastparser.cxx
@@ -1061,8 +1061,10 @@ void FastSaxParserImpl::parse()
                 throw SAXException("Couldn't create parser", Reference< XInterface >(), Any() );
 
             // Tell libxml2 parser to decode entities in attribute values.
+            // Also allow XML attribute values which are larger than 10MB, because this used to work
+            // with expat.
             // coverity[unsafe_xml_parse_config] - entity support is required
-            xmlCtxtUseOptions(rEntity.mpParser, XML_PARSE_NOENT);
+            xmlCtxtUseOptions(rEntity.mpParser, XML_PARSE_NOENT | XML_PARSE_HUGE);
         }
         else
         {

More information about the Libreoffice-commits mailing list