[Libreoffice-commits] core.git: Branch 'libreoffice-7-0' - sax/source

Miklos Vajna (via logerrit) logerrit at kemper.freedesktop.org
Tue Sep 29 12:30:42 UTC 2020 

 sax/source/fastparser/fastparser.cxx |    4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

New commits:
commit 9ad456005b2bbc5d570b975e2a54f7d904d079e6
Author:     Miklos Vajna <vmiklos at collabora.com>
AuthorDate: Mon Sep 28 21:05:27 2020 +0200
Commit:     Xisco Fauli <xiscofauli at libreoffice.org>
CommitDate: Tue Sep 29 14:30:08 2020 +0200

    tdf#136551 DOTX import: restore support for large XML attribute values
    
    Regression from commit 82d08580e368afbc9d73da3613845a36a89b0a8c (switch
    saxparser from expat to libxml2, 2014-11-14), expat used to allow huge
    XML attribute values, while libxml2 defaults to rejecting values larger
    than 10MB.
    
    This looks like a sane limit, but the bugdoc has some fallback VML
    markup where the actual graphic content of the shape is base64-encoded
    in an XML attribute value.
    
    libxml2 has an XML_PARSE_HUGE flag to lift this limit, so use that. If
    this was not a problem with expat, then it should be no problem with
    libxml2, either.
    
    [ No testcase, adding a 10MB test document to the repo is not preferred. ]
    
    (cherry picked from commit cd85546a2fbdade42f80fd3b6bd650791db9f32d)
    
    Change-Id: Ifcd0ce52d3cb95bef36c58aa073bb59bc07490d6
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/103597
    Reviewed-by: Adolfo Jayme Barrientos <fitojb at ubuntu.com>
    Tested-by: Jenkins

diff --git a/sax/source/fastparser/fastparser.cxx b/sax/source/fastparser/fastparser.cxx
index 1c4d5531a747..a0488efa4a6f 100644
--- a/sax/source/fastparser/fastparser.cxx
+++ b/sax/source/fastparser/fastparser.cxx
@@ -1061,8 +1061,10 @@ void FastSaxParserImpl::parse()
                 throw SAXException("Couldn't create parser", Reference< XInterface >(), Any() );
 
             // Tell libxml2 parser to decode entities in attribute values.
+            // Also allow XML attribute values which are larger than 10MB, because this used to work
+            // with expat.
             // coverity[unsafe_xml_parse_config] - entity support is required
-            xmlCtxtUseOptions(rEntity.mpParser, XML_PARSE_NOENT);
+            xmlCtxtUseOptions(rEntity.mpParser, XML_PARSE_NOENT | XML_PARSE_HUGE);
         }
         else
         {

More information about the Libreoffice-commits mailing list