fix: upstream libxml2 bug in calculating xpath query recursion depth

Fixes #2257 See related https://gitlab.gnome.org/GNOME/libxml2/-/issues/264
sparklemotion · Jun 2, 2021 · 7c10c01 · 7c10c01
1 parent 6d573b3
commit 7c10c01
Show file tree

Hide file tree

Showing 2 changed files with 36 additions and 0 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -39,6 +39,11 @@ Many thanks to Sam Ruby, Steve Checkoway, and Craig Barnes for creating and main
 * [CRuby] Upgrade mini_portile2 dependency from `~> 2.5.0` to `~> 2.5.1`. ("ruby" platform gem only.)
 
 
+## 1.11.7 / unreleased
+
+* [CRuby] Backporting an upstream fix to XPath recursion depth limits which impacted some users of complex XPath queries. This issue is present in libxml 2.9.11 and 2.9.12. [[#2257](https://github.com/sparklemotion/nokogiri/issues/2257)]
+
+
 ## 1.11.6 / 2021-05-26
 
 ### Fixed

diff --git a/patches/libxml2/0007-Fix-XPath-recursion-limit.patch b/patches/libxml2/0007-Fix-XPath-recursion-limit.patch
@@ -0,0 +1,31 @@
+From 3e1aad4fe584747fd7d17cc7b2863a78e2d21a77 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Wed, 2 Jun 2021 17:31:49 +0200
+Subject: [PATCH] Fix XPath recursion limit
+
+Fix accounting of recursion depth when parsing XPath expressions.
+
+This silly bug introduced in commit 804c5297 could lead to spurious
+errors when parsing larger expressions or XSLT documents.
+
+Should fix #264.
+---
+ xpath.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/xpath.c b/xpath.c
+index 7497ba0..1aa2f1a 100644
+--- a/xpath.c
++++ b/xpath.c
+@@ -10983,7 +10983,7 @@ xmlXPathCompileExpr(xmlXPathParserContextPtr ctxt, int sort) {
+     }
+
+     if (xpctxt != NULL)
+-        xpctxt->depth -= 1;
++        xpctxt->depth -= 10;
+ }
+
+ /**
+-- 
+2.31.0
+