Limit nested filters to avoid stack overflow 2 #1072

Open
wants to merge 2 commits into
base: main

manunio (Contributor) commented Jun 23, 2024

This will fix: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=66029.
This PR includes all the work at https://github.com/djc/askama/pull/979 done by @djc as well as an updated ui test.

For the ui test: I think the previous input for the filter-recursion ui test was not right, as it was not triggering an error for the recursion itself, for example:

```rust
#[test]
fn fuzzed_filter_recursion() {
    const TEMPLATE: &str = include_str!("../tests/filter-recursion.txt");
    if let Err(e) = Ast::from_str(TEMPLATE, None, &Syntax::default()) {
        panic!("{e}");
    }
}
```

```
---- tests::fuzzed_filter_recursion stdout ----
thread 'tests::fuzzed_filter_recursion' panicked at askama_parser/src/tests.rs:952:9:
failed to parse template source at row 1, column 255 near:
"|A|AA|A|A|A|A|AA|A|A|A|A|AA|A|A|A|A|AA|A"...
```

@GuillaumeGomez
Collaborator

Looks good to me, thanks!

opt(|i| Expr::arguments(i, level, false)),
))(i)?;
Ok((i, (fname, args)))
fn filter<'a>(i: &'a str, level: &mut Level) -> ParseResult<'a, (&'a str, Option<Vec<Expr<'a>>>)> {
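
Review bot: On `fn filter<'a>(i: &'a str, level: &mut Level)`, the mutable borrow means any change `filter` makes to `level` persists in the caller after it returns, and nothing in these lines says whether that carry-over is intended. A short doc comment on `filter` stating what `level` counts and whether the caller's value is expected to change would make the contract explicit for the other parser functions that thread `level` through.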
Collaborator

Level is Copy, why break the convention of passing it by value here?

Contributor Author

It was copied from your old PR: https://github.com/djc/askama/pull/979
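
The by-value convention raised in the review above, as an added Rust sketch (not code from this PR or from askama): a `Copy` depth counter is advanced on a local copy while a filter chain is parsed, so the limit is enforced without `&mut`. The definition of `Level`, `MAX_DEPTH` and its value of 64, `nest`, the `Expr` shape and the toy grammar are all assumptions made for illustration.

```rust
// Added sketch: all names and the grammar are assumptions, not askama's code.
#[derive(Clone, Copy)]
struct Level(u8);
const MAX_DEPTH: u8 = 64; // hypothetical limit

impl Level {
    fn nest(self) -> Result<Level, String> {
        if self.0 >= MAX_DEPTH { return Err("filter nesting limit exceeded".into()); }
        Ok(Level(self.0 + 1))
    }
}

enum Expr<'a> {
    Var(&'a str),
    // `x|f` wraps everything parsed so far, so a chain is a left-deep tree.
    Filter(&'a str, Box<Expr<'a>>),
}

// expr := ident ( '|' ident )*
fn expr(input: &str, mut level: Level) -> Result<Expr<'_>, String> {
    let mut names = input.split('|');
    let mut node = Expr::Var(ident(names.next().unwrap_or(""))?);
    for name in names {
        // Only this frame's copy advances; the caller's `Level` is untouched.
        level = level.nest()?;
        node = Expr::Filter(ident(name)?, Box::new(node));
    }
    Ok(node)
}

fn ident(s: &str) -> Result<&str, String> {
    let ok = !s.is_empty() && s.chars().all(|c| c.is_ascii_alphanumeric());
    if ok { Ok(s) } else { Err(format!("expected identifier, found {s:?}")) }
}

// Recursive consumer, standing in for later passes that walk the tree.
fn render(e: &Expr<'_>) -> String {
    match e {
        Expr::Var(name) => name.to_string(),
        Expr::Filter(name, inner) => format!("{name}({})", render(inner)),
    }
}
// Constructed input shaped like the fuzzer case: one long filter chain.
fn chain(n: usize) -> String { format!("x{}", "|A".repeat(n)) }

fn main() {
    for n in [3, 100_000] {
        println!("{n}: {:?}", expr(&chain(n), Level(0)).map(|e| render(&e)));
    }
}
```

Because the parser stops at the limit, the tree handed to `render` (and later dropped) is never deeper than `MAX_DEPTH`, whatever the input length.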
