
Commit 6344147

authored
fix: SAX::ParserContext keeps a reference to the input (backport of #3395 to v1.18.x) (#3396)
backport #3395 to v1.18.x
2 parents fdfb6df + 1c9b8f1 commit 6344147


3 files changed

+39
-2
lines changed


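--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,13 @@ Nokogiri follows [Semantic Versioning](https://semver.org/), please see the [REA
 
 ---
 
+## v1.18.1 / unreleased
+
+### Fixed
+
+* [CRuby] XML::SAX::ParserContext keeps a reference to the input to avoid a potential use-after-free issue that's existed since v1.4.0 (2009). (#3395) @flavorjones
+
+
 ## v1.18.0 / 2024-12-25
 
 ### Notable Changes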

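--- a/ext/nokogiri/xml_sax_parser_context.c
+++ b/ext/nokogiri/xml_sax_parser_context.c
@@ -102,7 +102,10 @@ noko_xml_sax_parser_context_s_native_io(VALUE rb_class, VALUE rb_io, VALUE rb_en
 c_context->sax = NULL;
 }
 
-return noko_xml_sax_parser_context_wrap(rb_class, c_context);
+VALUE rb_context = noko_xml_sax_parser_context_wrap(rb_class, c_context);
+rb_iv_set(rb_context, "@input", rb_io);
+
+return rb_context;
 }
 
 /* :nodoc: */
@@ -154,7 +157,10 @@ noko_xml_sax_parser_context_s_native_memory(VALUE rb_class, VALUE rb_input, VALU
 c_context->sax = NULL;
 }
 
-return noko_xml_sax_parser_context_wrap(rb_class, c_context);
+VALUE rb_context = noko_xml_sax_parser_context_wrap(rb_class, c_context);
+rb_iv_set(rb_context, "@input", rb_input);
+
+return rb_context;
 }
 
 /*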
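Review bot: Storing `rb_input` in `@input` in `noko_xml_sax_parser_context_s_native_memory` stops the string from being collected, but it does not stop the caller from mutating it before `parse_with`. If the native context points into the string's buffer (the call that creates it is outside this hunk, so this is an assumption to confirm), an append or `replace` could reallocate that buffer and leave the parser with a stale pointer. Consider creating the context from, and storing, a frozen copy such as `rb_str_new_frozen(rb_input)`. Separately, `@input` is never read in either hunk, so it looks like dead code; a comment above each `rb_iv_set` such as `/* keep the input reachable so the GC cannot free it while the native parser context may still read from it */` would keep a later cleanup from removing it. Both function bodies start outside the hunks shown.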

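--- a/test/test_memory_usage.rb
+++ b/test/test_memory_usage.rb
@@ -313,5 +313,29 @@ def start_element(name, attrs = [])
 # Expected error. This comment makes rubocop happy.
 end
 end
+
+it "XML::SAX::ParserContext.io holds a reference to IO input" do
+content = File.read(XML_ATOM_FILE)
+
+memwatch(__method__) do
+pc = Nokogiri::XML::SAX::ParserContext.io(StringIO.new(content), "ISO-8859-1")
+parser = Nokogiri::XML::SAX::Parser.new(Nokogiri::SAX::TestCase::Doc.new)
+GC.stress
+pc.parse_with(parser)
+
+assert_equal(472, parser.document.data.length)
+end
+end
+
+it "XML::SAX::ParserContext.memory holds a reference to string input" do
+memwatch(__method__) do
+pc = Nokogiri::XML::SAX::ParserContext.memory(File.read(XML_ATOM_FILE), "ISO-8859-1")
+parser = Nokogiri::XML::SAX::Parser.new(Nokogiri::SAX::TestCase::Doc.new)
+GC.stress
+pc.parse_with(parser)
+
+assert_equal(472, parser.document.data.length)
+end
+end
 end if ENV["NOKOGIRI_MEMORY_SUITE"] && Nokogiri.uses_libxml?
 end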
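Review bot: `GC.stress` on new lines 323 and 334 only reads the current setting and does not enable stress mode, so both tests run under normal GC and may still pass if the `@input` reference were dropped again. Assign it instead, `GC.stress = true` just before `pc.parse_with(parser)`, and reset it with `GC.stress = false` in an `ensure` so the setting does not leak into later tests. The inputs are deliberately passed as temporaries (`StringIO.new(content)` and the inline `File.read(XML_ATOM_FILE)`) so that nothing but the parser context references them. A one-line comment saying so, e.g. `# input is a temporary on purpose: only the ParserContext should keep it alive`, would stop someone from hoisting them into locals and defeating the test.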
