From 79301d3d5e553d46fc3201f48dcec3a93068c5a2 Mon Sep 17 00:00:00 2001
From: Nick Wellnhofer <wellnhofer@aevum.de>
Date: Fri, 18 Dec 2020 12:50:21 +0100
Subject: [PATCH] Fix timeout when handling recursive entities

Abort parsing early to avoid an almost infinite loop in certain error
cases involving recursive entities.

Found with libFuzzer.
---
 parser.c                          |   1 +
 result/errors/rec_ext_ent.xml.ent | 290 +++++++++---------------------
 2 files changed, 86 insertions(+), 205 deletions(-)

diff --git a/parser.c b/parser.c
index 43b88358..a7bdc7f3 100644
--- a/parser.c
+++ b/parser.c
@@ -7158,6 +7158,7 @@ xmlParseReference(xmlParserCtxtPtr ctxt) {
 	    ent->checked |= 1;
 	if (ret == XML_ERR_ENTITY_LOOP) {
 	    xmlFatalErr(ctxt, XML_ERR_ENTITY_LOOP, NULL);
+            xmlHaltParser(ctxt);
 	    xmlFreeNodeList(list);
 	    return;
 	}
diff --git a/result/errors/rec_ext_ent.xml.ent b/result/errors/rec_ext_ent.xml.ent
index 30dd2854..d8ccec14 100644
--- a/result/errors/rec_ext_ent.xml.ent
+++ b/result/errors/rec_ext_ent.xml.ent
@@ -1,243 +1,123 @@
 test/errors/rec_ext.ent:1: parser error : Detected an entity reference loop
 <ent>&e; &e; &e; &e;</ent>
         ^
-test/errors/rec_ext.ent:2: parser error : chunk is not well balanced
-
-^
-test/errors/rec_ext.ent:1: parser error : Entity 'e' failed to parse
-<ent>&e; &e; &e; &e;</ent>
-        ^
-test/errors/rec_ext.ent:2: parser error : chunk is not well balanced
-
-^
-test/errors/rec_ext.ent:1: parser error : Entity 'e' failed to parse
-<ent>&e; &e; &e; &e;</ent>
-        ^
-test/errors/rec_ext.ent:2: parser error : chunk is not well balanced
-
-^
-test/errors/rec_ext.ent:1: parser error : Entity 'e' failed to parse
-<ent>&e; &e; &e; &e;</ent>
-        ^
-test/errors/rec_ext.ent:2: parser error : chunk is not well balanced
-
-^
-test/errors/rec_ext.ent:1: parser error : Entity 'e' failed to parse
-<ent>&e; &e; &e; &e;</ent>
-        ^
-test/errors/rec_ext.ent:2: parser error : chunk is not well balanced
-
-^
-test/errors/rec_ext.ent:1: parser error : Entity 'e' failed to parse
-<ent>&e; &e; &e; &e;</ent>
-        ^
-test/errors/rec_ext.ent:2: parser error : chunk is not well balanced
-
-^
-test/errors/rec_ext.ent:1: parser error : Entity 'e' failed to parse
-<ent>&e; &e; &e; &e;</ent>
-        ^
-test/errors/rec_ext.ent:2: parser error : chunk is not well balanced
-
-^
-test/errors/rec_ext.ent:1: parser error : Entity 'e' failed to parse
-<ent>&e; &e; &e; &e;</ent>
-        ^
-test/errors/rec_ext.ent:2: parser error : chunk is not well balanced
-
-^
-test/errors/rec_ext.ent:1: parser error : Entity 'e' failed to parse
-<ent>&e; &e; &e; &e;</ent>
-        ^
-test/errors/rec_ext.ent:2: parser error : chunk is not well balanced
-
-^
-test/errors/rec_ext.ent:1: parser error : Entity 'e' failed to parse
-<ent>&e; &e; &e; &e;</ent>
-        ^
-test/errors/rec_ext.ent:2: parser error : chunk is not well balanced
-
-^
-test/errors/rec_ext.ent:1: parser error : Entity 'e' failed to parse
-<ent>&e; &e; &e; &e;</ent>
-        ^
-test/errors/rec_ext.ent:2: parser error : chunk is not well balanced
-
-^
-test/errors/rec_ext.ent:1: parser error : Entity 'e' failed to parse
-<ent>&e; &e; &e; &e;</ent>
-        ^
-test/errors/rec_ext.ent:2: parser error : chunk is not well balanced
-
-^
-test/errors/rec_ext.ent:1: parser error : Entity 'e' failed to parse
-<ent>&e; &e; &e; &e;</ent>
-        ^
-test/errors/rec_ext.ent:2: parser error : chunk is not well balanced
-
-^
-test/errors/rec_ext.ent:1: parser error : Entity 'e' failed to parse
-<ent>&e; &e; &e; &e;</ent>
-        ^
-test/errors/rec_ext.ent:2: parser error : chunk is not well balanced
-
-^
-test/errors/rec_ext.ent:1: parser error : Entity 'e' failed to parse
-<ent>&e; &e; &e; &e;</ent>
-        ^
-test/errors/rec_ext.ent:2: parser error : chunk is not well balanced
-
-^
-test/errors/rec_ext.ent:1: parser error : Entity 'e' failed to parse
-<ent>&e; &e; &e; &e;</ent>
-        ^
-test/errors/rec_ext.ent:2: parser error : chunk is not well balanced
-
-^
-test/errors/rec_ext.ent:1: parser error : Entity 'e' failed to parse
-<ent>&e; &e; &e; &e;</ent>
-        ^
-test/errors/rec_ext.ent:2: parser error : chunk is not well balanced
-
-^
-test/errors/rec_ext.ent:1: parser error : Entity 'e' failed to parse
-<ent>&e; &e; &e; &e;</ent>
-        ^
-test/errors/rec_ext.ent:2: parser error : chunk is not well balanced
-
-^
-test/errors/rec_ext.ent:1: parser error : Entity 'e' failed to parse
-<ent>&e; &e; &e; &e;</ent>
-        ^
-test/errors/rec_ext.ent:2: parser error : chunk is not well balanced
-
-^
-test/errors/rec_ext.ent:1: parser error : Entity 'e' failed to parse
-<ent>&e; &e; &e; &e;</ent>
-        ^
-test/errors/rec_ext.ent:2: parser error : chunk is not well balanced
-
-^
-test/errors/rec_ext.ent:1: parser error : Entity 'e' failed to parse
-<ent>&e; &e; &e; &e;</ent>
-        ^
-test/errors/rec_ext.ent:2: parser error : chunk is not well balanced
-
-^
-test/errors/rec_ext.ent:1: parser error : Entity 'e' failed to parse
-<ent>&e; &e; &e; &e;</ent>
-        ^
-test/errors/rec_ext.ent:2: parser error : chunk is not well balanced
-
-^
-test/errors/rec_ext.ent:1: parser error : Entity 'e' failed to parse
-<ent>&e; &e; &e; &e;</ent>
-        ^
-test/errors/rec_ext.ent:2: parser error : chunk is not well balanced
-
-^
-test/errors/rec_ext.ent:1: parser error : Entity 'e' failed to parse
-<ent>&e; &e; &e; &e;</ent>
-        ^
-test/errors/rec_ext.ent:2: parser error : chunk is not well balanced
-
-^
-test/errors/rec_ext.ent:1: parser error : Entity 'e' failed to parse
-<ent>&e; &e; &e; &e;</ent>
-        ^
-test/errors/rec_ext.ent:2: parser error : chunk is not well balanced
-
-^
-test/errors/rec_ext.ent:1: parser error : Entity 'e' failed to parse
-<ent>&e; &e; &e; &e;</ent>
-        ^
-test/errors/rec_ext.ent:2: parser error : chunk is not well balanced
-
-^
-test/errors/rec_ext.ent:1: parser error : Entity 'e' failed to parse
-<ent>&e; &e; &e; &e;</ent>
-        ^
-test/errors/rec_ext.ent:2: parser error : chunk is not well balanced
-
-^
-test/errors/rec_ext.ent:1: parser error : Entity 'e' failed to parse
-<ent>&e; &e; &e; &e;</ent>
-        ^
-test/errors/rec_ext.ent:2: parser error : chunk is not well balanced
-
-^
-test/errors/rec_ext.ent:1: parser error : Entity 'e' failed to parse
-<ent>&e; &e; &e; &e;</ent>
-        ^
-test/errors/rec_ext.ent:2: parser error : chunk is not well balanced
-
-^
 test/errors/rec_ext.ent:1: parser error : Detected an entity reference loop
 <ent>&e; &e; &e; &e;</ent>
         ^
-test/errors/rec_ext.ent:2: parser error : chunk is not well balanced
-
-^
 test/errors/rec_ext.ent:1: parser error : Detected an entity reference loop
 <ent>&e; &e; &e; &e;</ent>
         ^
-test/errors/rec_ext.ent:2: parser error : chunk is not well balanced
-
-^
 test/errors/rec_ext.ent:1: parser error : Detected an entity reference loop
 <ent>&e; &e; &e; &e;</ent>
         ^
-test/errors/rec_ext.ent:2: parser error : chunk is not well balanced
-
-^
 test/errors/rec_ext.ent:1: parser error : Detected an entity reference loop
 <ent>&e; &e; &e; &e;</ent>
         ^
-test/errors/rec_ext.ent:2: parser error : chunk is not well balanced
-
-^
 test/errors/rec_ext.ent:1: parser error : Detected an entity reference loop
 <ent>&e; &e; &e; &e;</ent>
         ^
-test/errors/rec_ext.ent:2: parser error : chunk is not well balanced
-
-^
 test/errors/rec_ext.ent:1: parser error : Detected an entity reference loop
 <ent>&e; &e; &e; &e;</ent>
         ^
-test/errors/rec_ext.ent:2: parser error : chunk is not well balanced
-
-^
 test/errors/rec_ext.ent:1: parser error : Detected an entity reference loop
 <ent>&e; &e; &e; &e;</ent>
         ^
-test/errors/rec_ext.ent:2: parser error : chunk is not well balanced
-
-^
 test/errors/rec_ext.ent:1: parser error : Detected an entity reference loop
 <ent>&e; &e; &e; &e;</ent>
         ^
-test/errors/rec_ext.ent:2: parser error : chunk is not well balanced
-
-^
 test/errors/rec_ext.ent:1: parser error : Detected an entity reference loop
 <ent>&e; &e; &e; &e;</ent>
         ^
-test/errors/rec_ext.ent:2: parser error : chunk is not well balanced
-
-^
 test/errors/rec_ext.ent:1: parser error : Detected an entity reference loop
 <ent>&e; &e; &e; &e;</ent>
         ^
-test/errors/rec_ext.ent:2: parser error : chunk is not well balanced
-
-^
 test/errors/rec_ext.ent:1: parser error : Detected an entity reference loop
 <ent>&e; &e; &e; &e;</ent>
         ^
-test/errors/rec_ext.ent:2: parser error : chunk is not well balanced
-
-^
-./test/errors/rec_ext_ent.xml:4: parser error : Entity 'e' failed to parse
+test/errors/rec_ext.ent:1: parser error : Detected an entity reference loop
+<ent>&e; &e; &e; &e;</ent>
+        ^
+test/errors/rec_ext.ent:1: parser error : Detected an entity reference loop
+<ent>&e; &e; &e; &e;</ent>
+        ^
+test/errors/rec_ext.ent:1: parser error : Detected an entity reference loop
+<ent>&e; &e; &e; &e;</ent>
+        ^
+test/errors/rec_ext.ent:1: parser error : Detected an entity reference loop
+<ent>&e; &e; &e; &e;</ent>
+        ^
+test/errors/rec_ext.ent:1: parser error : Detected an entity reference loop
+<ent>&e; &e; &e; &e;</ent>
+        ^
+test/errors/rec_ext.ent:1: parser error : Detected an entity reference loop
+<ent>&e; &e; &e; &e;</ent>
+        ^
+test/errors/rec_ext.ent:1: parser error : Detected an entity reference loop
+<ent>&e; &e; &e; &e;</ent>
+        ^
+test/errors/rec_ext.ent:1: parser error : Detected an entity reference loop
+<ent>&e; &e; &e; &e;</ent>
+        ^
+test/errors/rec_ext.ent:1: parser error : Detected an entity reference loop
+<ent>&e; &e; &e; &e;</ent>
+        ^
+test/errors/rec_ext.ent:1: parser error : Detected an entity reference loop
+<ent>&e; &e; &e; &e;</ent>
+        ^
+test/errors/rec_ext.ent:1: parser error : Detected an entity reference loop
+<ent>&e; &e; &e; &e;</ent>
+        ^
+test/errors/rec_ext.ent:1: parser error : Detected an entity reference loop
+<ent>&e; &e; &e; &e;</ent>
+        ^
+test/errors/rec_ext.ent:1: parser error : Detected an entity reference loop
+<ent>&e; &e; &e; &e;</ent>
+        ^
+test/errors/rec_ext.ent:1: parser error : Detected an entity reference loop
+<ent>&e; &e; &e; &e;</ent>
+        ^
+test/errors/rec_ext.ent:1: parser error : Detected an entity reference loop
+<ent>&e; &e; &e; &e;</ent>
+        ^
+test/errors/rec_ext.ent:1: parser error : Detected an entity reference loop
+<ent>&e; &e; &e; &e;</ent>
+        ^
+test/errors/rec_ext.ent:1: parser error : Detected an entity reference loop
+<ent>&e; &e; &e; &e;</ent>
+        ^
+test/errors/rec_ext.ent:1: parser error : Detected an entity reference loop
+<ent>&e; &e; &e; &e;</ent>
+        ^
+test/errors/rec_ext.ent:1: parser error : Detected an entity reference loop
+<ent>&e; &e; &e; &e;</ent>
+        ^
+test/errors/rec_ext.ent:1: parser error : Detected an entity reference loop
+<ent>&e; &e; &e; &e;</ent>
+        ^
+test/errors/rec_ext.ent:1: parser error : Detected an entity reference loop
+<ent>&e; &e; &e; &e;</ent>
+        ^
+test/errors/rec_ext.ent:1: parser error : Detected an entity reference loop
+<ent>&e; &e; &e; &e;</ent>
+        ^
+test/errors/rec_ext.ent:1: parser error : Detected an entity reference loop
+<ent>&e; &e; &e; &e;</ent>
+        ^
+test/errors/rec_ext.ent:1: parser error : Detected an entity reference loop
+<ent>&e; &e; &e; &e;</ent>
+        ^
+test/errors/rec_ext.ent:1: parser error : Detected an entity reference loop
+<ent>&e; &e; &e; &e;</ent>
+        ^
+test/errors/rec_ext.ent:1: parser error : Detected an entity reference loop
+<ent>&e; &e; &e; &e;</ent>
+        ^
+test/errors/rec_ext.ent:1: parser error : Detected an entity reference loop
+<ent>&e; &e; &e; &e;</ent>
+        ^
+test/errors/rec_ext.ent:1: parser error : Detected an entity reference loop
+<ent>&e; &e; &e; &e;</ent>
+        ^
+./test/errors/rec_ext_ent.xml:4: parser error : Detected an entity reference loop
 <doc>&e; &e; &e; &e;</doc>
         ^