This is the same fix as #497, but we're using auto_deleter instead
because if allocation function throws, we can't rely on an explicit call
to deallocate.
Comes along with two tests that validate the behavior.
WinCE lacks most recent CRT additions to MSVC; we used to explicitly disable specific sections
of code, but it's more comprehensive to just specify that the CRT is from MSVC7 instead of MSVC8.
Fixes#401
Previously when copying the allocator state we would copy an incorrect
root pointer into the document's current state; while this had a minimal
impact on the allocation state due to the fact that any new allocation
would need to create a new page, this used a potentially stale field of
the moved document when setting up new pages, which could create issues
in future uses of the pages.
This change fixes the core problem and also removes the use of the
_root->allocator from allocate_page since it's not clear why we need it
there in the first place.
Since foo//bar//baz adds two nodes for each //, we need to increment the
depth by 2 on each iteration to limit the AST correctly.
Fixes the stack overflow found by cluster-fuzz (I suspect the issue
there is a bit deeper, but this part is definitely a bug and as such I'd
rather wait for the next test case for now).
We now use open_file similarly to open_file_wide, and activate the
workaround for MSVC 2005+ since that's when the _s versions were added
in the first place.
Function call arguments are stored in a list which is processed
recursively during optimize(). We now limit the depth of this construct
as well to make sure optimize() doesn't run out of stack space.
The default stack on MSVC/x64/debug is sufficient for 1692 nested
invocations only, whereas on clang/linux it's ~8K...
For now set the limit to be conservative.
XPath parser and execution engine isn't stackless; the depth of the
query controls the amount of C stack space required.
This change instruments places in the parser where the control flow can
recurse, requiring too much C stack space to produce an AST, or where a
stackless parse is used to produce arbitrarily deep AST which will
create issues for downstream processing.
As a result XPath parser should now be fuzz safe for malicious inputs.
