encoding/xml: reduce depth limit on wasm

Wasm can't handle the recusion for XML nested to depth 10,000. Cut it off at 5,000 instead. This fixes TestCVE202228131 on trybots in certain conditions. Also disable TestCVE202230633 to fix 'go test -v encoding/xml' on gomotes. Also rename errExeceededMaxUnmarshalDepth [misspelled and unwieldy] to errUnmarshalDepth. For #56498. Change-Id: I7cc337ccfee251bfd9771497be0e5272737114f9 Reviewed-on: https://go-review.googlesource.com/c/go/+/446639 Auto-Submit: Russ Cox <rsc@golang.org> Reviewed-by: Cherry Mui <cherryyz@google.com> Reviewed-by: Bryan Mills <bcmills@google.com> Run-TryBot: Russ Cox <rsc@golang.org> TryBot-Result: Gopher Robot <gobot@golang.org>
2024-11-23 00:20:12 -07:00 · 2022-10-31 15:42:13 -04:00 · 2022-10-31 15:42:13 -04:00 · 6695cebeec
commit 6695cebeec
parent 4b993bffb8
2 changed files with 12 additions and 7 deletions
--- a/src/encoding/xml/read.go
+++ b/src/encoding/xml/read.go
@ -10,6 +10,7 @@ import (
 	"errors"
 	"fmt"
 	"reflect"
+	"runtime"
 	"strconv"
 	"strings"
 )
@ -308,14 +309,17 @@ var (
 	textUnmarshalerType = reflect.TypeOf((*encoding.TextUnmarshaler)(nil)).Elem()
 )

-const maxUnmarshalDepth = 10000
+const (
+	maxUnmarshalDepth     = 10000
+	maxUnmarshalDepthWasm = 5000 // go.dev/issue/56498
+)

-var errExeceededMaxUnmarshalDepth = errors.New("exceeded max depth")
+var errUnmarshalDepth = errors.New("exceeded max depth")

 // Unmarshal a single XML element into val.
 func (d *Decoder) unmarshal(val reflect.Value, start *StartElement, depth int) error {
-	if depth >= maxUnmarshalDepth {
-		return errExeceededMaxUnmarshalDepth
+	if depth >= maxUnmarshalDepth || runtime.GOARCH == "wasm" && depth >= maxUnmarshalDepthWasm {
+		return errUnmarshalDepth
 	}
 	// Find start element if we need it.
 	if start == nil {
--- a/src/encoding/xml/read_test.go
+++ b/src/encoding/xml/read_test.go
@ -9,6 +9,7 @@ import (
 	"errors"
 	"io"
 	"reflect"
+	"runtime"
 	"strings"
 	"testing"
 	"time"
@ -1105,13 +1106,13 @@ func TestCVE202228131(t *testing.T) {
 	err := Unmarshal(bytes.Repeat([]byte("<a>"), maxUnmarshalDepth+1), &n)
 	if err == nil {
 		t.Fatal("Unmarshal did not fail")
-	} else if !errors.Is(err, errExeceededMaxUnmarshalDepth) {
-		t.Fatalf("Unmarshal unexpected error: got %q, want %q", err, errExeceededMaxUnmarshalDepth)
+	} else if !errors.Is(err, errUnmarshalDepth) {
+		t.Fatalf("Unmarshal unexpected error: got %q, want %q", err, errUnmarshalDepth)
 	}
 }

 func TestCVE202230633(t *testing.T) {
-	if testing.Short() {
+	if testing.Short() || runtime.GOARCH == "wasm" {
 		t.Skip("test requires significant memory")
 	}
 	defer func() {