From 6695cebeec02c62bd440eec8e982028225984dfb Mon Sep 17 00:00:00 2001
From: Russ Cox <rsc@golang.org>
Date: Mon, 31 Oct 2022 15:42:13 -0400
Subject: [PATCH] encoding/xml: reduce depth limit on wasm

Wasm can't handle the recusion for XML nested to depth 10,000.
Cut it off at 5,000 instead. This fixes TestCVE202228131 on trybots
in certain conditions.

Also disable TestCVE202230633 to fix 'go test -v encoding/xml' on gomotes.

Also rename errExeceededMaxUnmarshalDepth [misspelled and unwieldy]
to errUnmarshalDepth.

For #56498.

Change-Id: I7cc337ccfee251bfd9771497be0e5272737114f9
Reviewed-on: https://go-review.googlesource.com/c/go/+/446639
Auto-Submit: Russ Cox <rsc@golang.org>
Reviewed-by: Cherry Mui <cherryyz@google.com>
Reviewed-by: Bryan Mills <bcmills@google.com>
Run-TryBot: Russ Cox <rsc@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
---
 src/encoding/xml/read.go      | 12 ++++++++----
 src/encoding/xml/read_test.go |  7 ++++---
 2 files changed, 12 insertions(+), 7 deletions(-)

diff --git a/src/encoding/xml/read.go b/src/encoding/xml/read.go
index a6fb6654585..c2f495581ac 100644
--- a/src/encoding/xml/read.go
+++ b/src/encoding/xml/read.go
@@ -10,6 +10,7 @@ import (
 	"errors"
 	"fmt"
 	"reflect"
+	"runtime"
 	"strconv"
 	"strings"
 )
@@ -308,14 +309,17 @@ var (
 	textUnmarshalerType = reflect.TypeOf((*encoding.TextUnmarshaler)(nil)).Elem()
 )
 
-const maxUnmarshalDepth = 10000
+const (
+	maxUnmarshalDepth     = 10000
+	maxUnmarshalDepthWasm = 5000 // go.dev/issue/56498
+)
 
-var errExeceededMaxUnmarshalDepth = errors.New("exceeded max depth")
+var errUnmarshalDepth = errors.New("exceeded max depth")
 
 // Unmarshal a single XML element into val.
 func (d *Decoder) unmarshal(val reflect.Value, start *StartElement, depth int) error {
-	if depth >= maxUnmarshalDepth {
-		return errExeceededMaxUnmarshalDepth
+	if depth >= maxUnmarshalDepth || runtime.GOARCH == "wasm" && depth >= maxUnmarshalDepthWasm {
+		return errUnmarshalDepth
 	}
 	// Find start element if we need it.
 	if start == nil {
diff --git a/src/encoding/xml/read_test.go b/src/encoding/xml/read_test.go
index 35385c64909..3e85fca5c6f 100644
--- a/src/encoding/xml/read_test.go
+++ b/src/encoding/xml/read_test.go
@@ -9,6 +9,7 @@ import (
 	"errors"
 	"io"
 	"reflect"
+	"runtime"
 	"strings"
 	"testing"
 	"time"
@@ -1105,13 +1106,13 @@ func TestCVE202228131(t *testing.T) {
 	err := Unmarshal(bytes.Repeat([]byte("<a>"), maxUnmarshalDepth+1), &n)
 	if err == nil {
 		t.Fatal("Unmarshal did not fail")
-	} else if !errors.Is(err, errExeceededMaxUnmarshalDepth) {
-		t.Fatalf("Unmarshal unexpected error: got %q, want %q", err, errExeceededMaxUnmarshalDepth)
+	} else if !errors.Is(err, errUnmarshalDepth) {
+		t.Fatalf("Unmarshal unexpected error: got %q, want %q", err, errUnmarshalDepth)
 	}
 }
 
 func TestCVE202230633(t *testing.T) {
-	if testing.Short() {
+	if testing.Short() || runtime.GOARCH == "wasm" {
 		t.Skip("test requires significant memory")
 	}
 	defer func() {