Control: severity -1 grave Control: retitle -1 xsltproc: DTD should be cached when included several times, or used memory should be limited Control: tags -1 security
On 2005-02-09 17:52:31 +0100, Mike Hommey wrote: > On Wed, Feb 09, 2005 at 05:38:54PM +0100, Vincent Lefevre > <vinc...@vinc17.org> wrote: > > On 2005-02-09 17:12:21 +0100, Mike Hommey wrote: > > > How big is the document you load with document() ? How many times it > > > gets loaded ? Could you provide me the files ? > > > > The documents are small, but the DTD is very big (this is a DTD based > > on DocBook + MathML). Currently, about 50 documents are included. > > > > I wanted to post a followup, but hadn't had the time yet. FYI, I had > > a discussion with Daniel on the LibXSLT mailing-list 10 days ago. In > > short, for some reasons, the DTD structures are not reused each time > > a new document is parsed. IMHO, this could be solved by some form of > > cache (corresponding to the DTD + internal subset if any). > > > > Technically, this bug could be regarded as a wishlist. But using so > > much memory should be regarded as a bug IMHO, unless the other XSLT > > processors have the same problem. > > > > The title of the bug should be changed to something like "DTD > > structures should be shared/cached in case of multiple inclusions" > > (when possible, of course). > > Thanks for the feedback. > Note that such "optimization" bugs are not really *that* important, so i > downgraded this bug to wishlist, even if a huge amount of memory is > used. Also note that 138MB is not *that* much considering the number of > documents and the DTD size. This is no different than CVE-2013-0338 and CVE-2013-0339[*]. The point is that from a small document, one can exhaust the memory of the machine. CVE-2013-0338 and CVE-2013-0339 are about entity expansion, but there are the same consequences with just loading data in memory. [*] https://www.openwall.com/lists/oss-security/2013/02/22/3 -- Vincent Lefèvre <vinc...@vinc17.net> - Web: <https://www.vinc17.net/> 100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/> Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
