Fix GHSL-2023-031: prevent quadratic performance by not allowing very deeply nested lists.

kevinbackhouse · kevinbackhouse · commit 9e0855d77018 · 2023-02-22T12:59:22.000Z
diff --git a/src/blocks.c b/src/blocks.c
@@ -27,6 +27,14 @@
 #define CODE_INDENT 4
 #define TAB_STOP 4
 
+/**
+ * Very deeply nested lists can cause quadratic performance issues.
+ * This constant is used in open_new_blocks() to limit the nesting
+ * depth. It is unlikely that a non-contrived markdown document will
+ * be nested this deeply.
+ */
+#define MAX_LIST_DEPTH 100
+
 #ifndef MIN
 #define MIN(x, y) ((x < y) ? x : y)
 #endif
@@ -1119,10 +1127,11 @@ static void open_new_blocks(cmark_parser *parser, cmark_node **container,
   bool has_content;
   int save_offset;
   int save_column;
+  size_t depth = 0;
 
   while (cont_type != CMARK_NODE_CODE_BLOCK &&
          cont_type != CMARK_NODE_HTML_BLOCK) {
-
+    depth++;
     S_find_first_nonspace(parser, input);
     indented = parser->indent >= CODE_INDENT;
 
@@ -1224,6 +1233,7 @@ static void open_new_blocks(cmark_parser *parser, cmark_node **container,
       (*container)->internal_offset = matched;
     } else if ((!indented || cont_type == CMARK_NODE_LIST) &&
 	       parser->indent < 4 &&
+               depth < MAX_LIST_DEPTH &&
                (matched = parse_list_marker(
                     parser->mem, input, parser->first_nonspace,
                     (*container)->type == CMARK_NODE_PARAGRAPH, &data))) {
