Skip to content
This repository was archived by the owner on Mar 11, 2025. It is now read-only.

Limit nested filters to avoid stack overflow 2#1072

Closed
manunio wants to merge 2 commits into
askama-rs:mainfrom
manunio:filte-recursion-2
Closed

Limit nested filters to avoid stack overflow 2#1072
manunio wants to merge 2 commits into
askama-rs:mainfrom
manunio:filte-recursion-2

Conversation

@manunio
Copy link
Copy Markdown
Contributor

@manunio manunio commented Jun 23, 2024

This will fix: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=66029.
This pr includes all the work at #979 done by @djc as well as updated ui test.

For ui test: I think previous input for filter-recursion ui test was not right as it
was not triggering error for recursion itself, for example:

#[test]
fn fuzzed_filter_recursion() {
    const TEMPLATE: &str = include_str!("../tests/filter-recursion.txt");
    if let Err(e) = Ast::from_str(TEMPLATE, None, &Syntax::default()) {
        panic!("{e}");
    }
}
---- tests::fuzzed_filter_recursion stdout ----
thread 'tests::fuzzed_filter_recursion' panicked at askama_parser/src/tests.rs:952:9:
failed to parse template source at row 1, column 255 near:
"|A|AA|A|A|A|A|AA|A|A|A|A|AA|A|A|A|A|AA|A"...

@GuillaumeGomez
Copy link
Copy Markdown
Collaborator

GuillaumeGomez commented Jun 23, 2024

Looks good to me, thanks!

djc
djc reviewed Jun 29, 2024
View reviewed changes
Comment thread askama_parser/src/lib.rs
opt(|i| Expr::arguments(i, level, false)),
))(i)?;
Ok((i, (fname, args)))
fn filter<'a>(i: &'a str, level: &mut Level) -> ParseResult<'a, (&'a str, Option<Vec<Expr<'a>>>)> {
Copy link
Copy Markdown
Collaborator

@djc djc Jun 29, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Level is Copy, why break the convention of passing it by value here?

Copy link
Copy Markdown
Contributor Author

@manunio manunio Jun 30, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It was copied from your old pr: #979

@manunio manunio closed this Jan 21, 2025
@manunio manunio deleted the filte-recursion-2 branch January 21, 2025 13:17
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

2 more reviewers

@djc djc djc left review comments

@GuillaumeGomez GuillaumeGomez GuillaumeGomez approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@manunio @GuillaumeGomez @djc