Home | History | Annotate | Download | only in recurse 
      1 Index: parser.c
      2 ===================================================================
      3 --- parser.c	(revision 3773)
      4 +++ parser.c	(working copy)
      5 @@ -2505,6 +2505,11 @@ xmlStringLenDecodeEntities(xmlParserCtxt
      6  	    c = CUR_SCHAR(str, l);
      7  	else
      8  	    c = 0;
      9 +        if ((nbchars > 500000) &&
     10 +	    (ctxt->instate == XML_PARSER_ATTRIBUTE_VALUE)) {
     11 +	    xmlFatalErr(ctxt, XML_ERR_ENTITY_LOOP, NULL);
     12 +	    goto int_error;
     13 +        }
     14      }
     15      buffer[nbchars++] = 0;
     16      return(buffer);
     17