Add ability to specify max number of allowed elements inside stanza

prefiks · prefiks · commit d6045a677943 · 2026-04-08T12:09:33.000+02:00
Also support changing limits on already initialized parser
diff --git a/c_src/fxml_stream.c b/c_src/fxml_stream.c
@@ -21,6 +21,7 @@
 #include <expat.h>
 
 #define PARSING_NOT_RESUMABLE XML_FALSE
+#define LIMIT_MAX ((ErlNifUInt64)-1)
 
 #define ASSERT(x) if (!(x)) return 0
 #define PARSER_ASSERT(X, E) do { if (!(X)) { state->error = (E); XML_StopParser(state->parser, PARSING_NOT_RESUMABLE); return; } } while(0)
@@ -56,8 +57,10 @@ typedef struct {
   ErlNifEnv *send_env;
   ErlNifPid *pid;
   size_t depth;
-  size_t size;
-  size_t max_size;
+  ErlNifUInt64 size;
+  ErlNifUInt64 elements_count;
+  ErlNifUInt64 max_size;
+  ErlNifUInt64 max_elements;
   XML_Parser parser;
   xmlel_stack_t *elements_stack;
   attrs_list_t *xmlns_attrs;
@@ -256,6 +259,7 @@ static ERL_NIF_TERM str2bin(ErlNifEnv *env, const char *s)
 static void send_event(state_t *state, ERL_NIF_TERM el)
 {
   state->size = 0;
+  state->elements_count = 0;
   if (state->gen_server) {
     enif_send(state->env, state->pid, state->send_env,
               enif_make_tuple2(state->send_env,
@@ -270,6 +274,7 @@ static void send_event(state_t *state, ERL_NIF_TERM el)
 static void send_all_state_event(state_t *state, ERL_NIF_TERM el)
 {
   state->size = 0;
+  state->elements_count = 0;
   if (state->gen_server) {
     enif_send(state->env, state->pid, state->send_env,
               enif_make_tuple2(state->send_env,
@@ -311,6 +316,9 @@ void erlXML_StartElementHandler(state_t *state,
   if (state->error)
     return;
 
+  state->elements_count += 1;
+  PARSER_ASSERT(state->elements_count < state->max_elements, "XML stanza is too big");
+
   state->depth++;
 
   while (atts[i])
@@ -851,6 +859,7 @@ static ERL_NIF_TERM reset_nif(ErlNifEnv* env, int argc,
   enif_clear_env(state->send_env);
 
   state->size = 0;
+  state->elements_count = 0;
   state->depth = 0;
   state->error = NULL;
 
@@ -888,6 +897,9 @@ static ERL_NIF_TERM parse_element_nif(ErlNifEnv* env, int argc,
   if (!state)
     return enif_make_badarg(env);
 
+  state->max_elements = LIMIT_MAX;
+  state->max_size = LIMIT_MAX;
+
   state->send_env = env;
   state->use_maps = use_maps;
 
@@ -962,11 +974,14 @@ static ERL_NIF_TERM parse_nif(ErlNifEnv* env, int argc,
   state->size += bin.size;
   state->env = env;
 
+  if (state->error) {
+    send_error(state, str2bin(state->send_env, state->error));
+    return argv[0];
+  }
+
   if (state->size >= state->max_size) {
-    size_t size = state->size;
-    send_error(state, str2bin(state->send_env, "XML stanza is too big"));
-    /* Don't let send_event() to set size to zero */
-    state->size = size;
+    state->error = "XML stanza is too big";
+    send_error(state, str2bin(state->send_env, state->error));
   } else {
     int res = XML_Parse(state->parser, (char *)bin.data, bin.size, 0);
     if (!res)
@@ -1059,17 +1074,68 @@ static ERL_NIF_TERM new_nif(ErlNifEnv* env, int argc,
   ERL_NIF_TERM result = enif_make_resource(env, state);
   enif_release_resource(state);
 
-  ErlNifUInt64 max_size;
-  if (enif_get_uint64(env, argv[1], &max_size))
+  ErlNifUInt64 max_size, max_elements;
+  int arity;
+  ERL_NIF_TERM *tuple_elements;
+  if (enif_get_uint64(env, argv[1], &max_size)) {
     state->max_size = (size_t) max_size;
-  else if (!enif_compare(argv[1], enif_make_atom(env, "infinity")))
-    state->max_size = (size_t) - 1;
-  else
+    state->max_elements = LIMIT_MAX;
+  } else if (!enif_compare(argv[1], enif_make_atom(env, "infinity"))) {
+    state->max_size = LIMIT_MAX;
+    state->max_elements = LIMIT_MAX;
+  } else if (enif_get_tuple(env, argv[1], &arity, &tuple_elements) && arity == 2) {
+    if (enif_get_uint64(env, tuple_elements[0], &max_size)) {
+      state->max_size = max_size;
+    } else if (!enif_compare(tuple_elements[0], enif_make_atom(env, "infinity"))) {
+      state->max_size = LIMIT_MAX;
+    } else {
+      return enif_make_badarg(env);
+    }
+
+    if (enif_get_uint64(env, tuple_elements[1], &max_elements)) {
+      state->max_elements = max_elements;
+    } else if (!enif_compare(tuple_elements[1], enif_make_atom(env, "infinity"))) {
+      state->max_elements = LIMIT_MAX;
+    } else {
+      return enif_make_badarg(env);
+    }
+  } else
     return enif_make_badarg(env);
 
   return result;
 }
 
+static ERL_NIF_TERM change_limits_nif(ErlNifEnv* env, int argc,
+                                      const ERL_NIF_TERM argv[])
+{
+  state_t *state = NULL;
+
+  if (argc != 3)
+    return enif_make_badarg(env);
+
+  if (!enif_get_resource(env, argv[0], parser_state_t, (void *) &state))
+    return enif_make_badarg(env);
+
+  ErlNifUInt64 max_size, max_elements;
+  if (enif_get_uint64(env, argv[1], &max_size)) {
+  } else if (!enif_compare(argv[1], enif_make_atom(env, "infinity"))) {
+    max_size = LIMIT_MAX;
+  } else
+    return enif_make_badarg(env);
+
+  if (enif_get_uint64(env, argv[2], &max_elements)) {
+  } else if (!enif_compare(argv[2], enif_make_atom(env, "infinity"))) {
+    max_elements = LIMIT_MAX;
+  } else
+    return enif_make_badarg(env);
+
+  state->max_size = max_size;
+  state->max_elements = max_elements;
+
+  return enif_make_atom(env, "ok");
+}
+
+
 static ErlNifFunc nif_funcs[] =
   {
     {"new", 2, new_nif},
@@ -1079,7 +1145,8 @@ static ErlNifFunc nif_funcs[] =
     {"parse_element", 2, parse_element_nif},
     {"reset", 1, reset_nif},
     {"close", 1, close_nif},
-    {"change_callback_pid", 2, change_callback_pid_nif}
+    {"change_callback_pid", 2, change_callback_pid_nif},
+    {"change_limits", 3, change_limits_nif}
   };
 
 ERL_NIF_INIT(fxml_stream, nif_funcs, load, NULL, upgrade, NULL)
diff --git a/src/fxml_stream.erl b/src/fxml_stream.erl
@@ -30,7 +30,7 @@
 -on_load(init/0).
 
 -export([new/1, new/2, new/3, parse/2, close/1, reset/1,
-	 change_callback_pid/2, parse_element/1, parse_element/2]).
+	 change_callback_pid/2, change_limits/3, parse_element/1, parse_element/2]).
 
 -export([load_nif/0, load_nif/1]).
 
@@ -77,12 +77,12 @@ load_nif(SOPath) ->
 new(CallbackPid) ->
     new(CallbackPid, infinity).
 
--spec new(pid(), non_neg_integer() | infinity) -> xml_stream_state().
+-spec new(pid(), non_neg_integer() | infinity | {non_neg_integer() | infinity, non_neg_integer() | infinity}) -> xml_stream_state().
 
 new(_CallbackPid, _MaxSize) ->
     erlang:nif_error(nif_not_loaded).
 
--spec new(pid(), non_neg_integer() | infinity, list()) -> xml_stream_state().
+-spec new(pid(), non_neg_integer() | infinity | {non_neg_integer() | infinity, non_neg_integer() | infinity}, list()) -> xml_stream_state().
 
 new(_CallbackPid, _MaxSize, _Options) ->
     erlang:nif_error(nif_not_loaded).
@@ -97,6 +97,10 @@ reset(_State) ->
 change_callback_pid(_State, _CallbackPid) ->
     erlang:nif_error(nif_not_loaded).
 
+-spec change_limits(xml_stream_state(), non_neg_integer() | infinity, non_neg_integer() | infinity) -> ok.
+change_limits(_State, _NewMaxSize, _NewMaxElements) ->
+    erlang:nif_error(nif_not_loaded).
+
 -spec parse(xml_stream_state(), binary()) -> xml_stream_state().
 
 parse(_State, _Data) ->
diff --git a/test/fxml_test.erl b/test/fxml_test.erl
@@ -419,6 +419,37 @@ too_big_with_data_after_test() ->
 		   <<"</foo></start>">>,
 		   [{xmlstreamerror, <<"XML stanza is too big">>}]
 		 }]).
+		
+too_much_elements_test() ->
+    CallbackPid = spawn_link(fun() -> receiver([]) end),
+    Stream0 = new(CallbackPid, {infinity, 3}),
+    Stream1 = fxml_stream:parse(Stream0, <<"<a>">>),
+    Stream2 = fxml_stream:parse(Stream1, <<"<b/>">>),
+    Stream3 = fxml_stream:parse(Stream2, <<"<b><c/></b>">>),
+    Stream4 = fxml_stream:parse(Stream3, <<"<b><c/><d/></b>">>),
+    Stream5 = fxml_stream:parse(Stream4, <<"<b/>">>),
+    ?assertEqual([{xmlstreamstart, <<"a">>, []},
+		  {xmlstreamelement, #xmlel{name = <<"b">>}},
+		  {xmlstreamelement, #xmlel{name = <<"b">>, children = [#xmlel{name = <<"c">>}]}},
+		  {xmlstreamerror, <<"XML stanza is too big">>},
+		  {xmlstreamerror, <<"XML stanza is too big">>}],
+		 collect_events(CallbackPid)),
+    close(Stream5).
+	
+runtime_limits_change_test() ->
+    CallbackPid = spawn_link(fun() -> receiver([]) end),
+    Stream0 = new(CallbackPid, {infinity, 3}),
+    Stream1 = fxml_stream:parse(Stream0, <<"<a>">>),
+    Stream2 = fxml_stream:parse(Stream1, <<"<b/>">>),
+    Stream3 = fxml_stream:parse(Stream2, <<"<b><c/></b>">>),
+	ok = fxml_stream:change_limits(Stream3, infinity, infinity),
+    Stream4 = fxml_stream:parse(Stream3, <<"<b><c/><d/></b>">>),
+    ?assertEqual([{xmlstreamstart, <<"a">>, []},
+		  {xmlstreamelement, #xmlel{name = <<"b">>}},
+		  {xmlstreamelement, #xmlel{name = <<"b">>, children = [#xmlel{name = <<"c">>}]}},
+		  {xmlstreamelement, #xmlel{name = <<"b">>, children = [#xmlel{name = <<"c">>}, #xmlel{name = <<"d">>}]}}],
+		 collect_events(CallbackPid)),
+    close(Stream4).
 
 close_close_test() ->
     Stream = new(),
