ox 2.14.27 → 2.14.28

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +7 -0
  3. data/ext/ox/parse.c +8 -0
  4. data/lib/ox/version.rb +1 -1
  5. metadata +1 -1
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: b981c5e93cbbe907c8beb655007ebd2d3bfd740da911372ce82ea329e85773f0
4
- data.tar.gz: 98935b178f268fad229368d02b2efd14529b4144aebae15b557aed80d20a5aac
3
+ metadata.gz: 55a1d3d6cf3b51d434dc27e11ac62c93b2eab2b08426daf03c13f295b43cdd5e
4
+ data.tar.gz: 17b62fcfb67d670bf3693b6863d3906cd52a5f61b0344d5aa5fd1ed8dda26584
5
5
  SHA512:
6
- metadata.gz: aaa1d3f2183519ef26fd82b80f1bae7bef61216e8404ae03fcc0ad7c9b8e450b2acb423cb7f113be08fa3cab8ba448cf25425e7cc12e138a63e04c93642e2523
7
- data.tar.gz: b0b0e20339a346d17a3a29b57e8c1d722b5999d346d775c6f587400aa8affa30e63186a5a6109dd59091fd13ecc172ef93d69e8168bc65a2aa70bd66e76f58ec
6
+ metadata.gz: c063a565a7dc1f1edd042377fbf195d53533a8a3d1585f3a29455beefb9cc7d4c6e9e4911c4632ee48c45f67b4a16b34c8cde7fbcb5aa5c63db74240e7d72230
7
+ data.tar.gz: 4338c45e7ea8c81948d0dc44af7244593fd0594b9c6c38ffddd1bd247baaa1369e856b8604e09419f8c035cc36478a633d50c005c171ecc4d054c2def302d53a
data/CHANGELOG.md CHANGED
@@ -2,6 +2,13 @@
2
2
 
3
3
  All changes to the Ox gem are documented here. Releases follow semantic versioning.
4
4
 
5
+ ## [2.14.28] - 2026-06-28
6
+
7
+ ### Fixed
8
+
9
+ - Parsing an excessively long DOCTYPE now raises and error instead of
10
+ waiting for a stack too deep system error.
11
+
5
12
  ## [2.14.27] - 2026-06-18
6
13
 
7
14
  ### Fixed
data/ext/ox/parse.c CHANGED
@@ -19,6 +19,9 @@
19
19
  #include "special.h"
20
20
 
21
21
  #define MAX_ELEMENT_DEPTH 1000
22
+ // Anything even close to the max prolog length is most likely someone trying
23
+ // to break something.
24
+ #define MAX_PROLOG 32767
22
25
 
23
26
  static void mark_pi_cb(void *ptr);
24
27
  static void read_instruction(PInfo pi);
@@ -382,6 +385,11 @@ static void read_delimited(PInfo pi, char end) {
382
385
  if (end == c) {
383
386
  return;
384
387
  }
388
+ if (MAX_PROLOG < (pi->s - pi->str)) {
389
+ pi->s--;
390
+ set_error(&pi->err, "prolog (doctype) too long", pi->str, pi->s);
391
+ return;
392
+ }
385
393
  switch (c) {
386
394
  case '\0':
387
395
  pi->s--;
data/lib/ox/version.rb CHANGED
@@ -1,4 +1,4 @@
1
1
  module Ox
2
2
  # Current version of the module.
3
- VERSION = '2.14.27'
3
+ VERSION = '2.14.28'
4
4
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: ox
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.14.27
4
+ version: 2.14.28
5
5
  platform: ruby
6
6
  authors:
7
7
  - Peter Ohler