[xml/sgml-pkgs] Bug#287371: xsltproc: Probable memory leak (when using document()?)

Vincent Lefevre vincent at vinc17.net
Thu Feb 10 12:08:33 GMT 2022


Control: severity -1 grave
Control: retitle -1 xsltproc: DTD should be cached when included several times, or used memory should be limited
Control: tags -1 security

On 2005-02-09 17:52:31 +0100, Mike Hommey wrote:
> On Wed, Feb 09, 2005 at 05:38:54PM +0100, Vincent Lefevre <vincent at vinc17.org> wrote:
> > On 2005-02-09 17:12:21 +0100, Mike Hommey wrote:
> > > How big is the document you load with document()? How many times does it
> > > get loaded? Could you provide me the files?
> > 
> > The documents are small, but the DTD is very big (this is a DTD based
> > on DocBook + MathML). Currently, about 50 documents are included.
> > 
> > I wanted to post a followup, but hadn't had the time yet. FYI, I had
> > a discussion with Daniel on the LibXSLT mailing-list 10 days ago. In
> > short, for some reason, the DTD structures are not reused each time
> > a new document is parsed. IMHO, this could be solved by some form of
> > cache (corresponding to the DTD + internal subset if any).
> > 
> > Technically, this bug could be regarded as a wishlist. But using so
> > much memory should be regarded as a bug IMHO, unless the other XSLT
> > processors have the same problem.
> > 
> > The title of the bug should be changed to something like "DTD
> > structures should be shared/cached in case of multiple inclusions"
> > (when possible, of course).
> 
> Thanks for the feedback.
> Note that such "optimization" bugs are not really *that* important, so I
> downgraded this bug to wishlist, even if a huge amount of memory is
> used. Also note that 138MB is not *that* much considering the number of
> documents and the DTD size.

This is no different than CVE-2013-0338 and CVE-2013-0339[*]. The
point is that from a small document, one can exhaust the memory
of the machine. CVE-2013-0338 and CVE-2013-0339 are about entity
expansion, but there are the same consequences with just loading
data in memory.

[*] https://www.openwall.com/lists/oss-security/2013/02/22/3

-- 
Vincent Lefèvre <vincent at vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
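
Added example, not part of the original message or of xsltproc/libxslt: one way to get the "used memory should be limited" behaviour from the outside, by running the processor under an address-space cap so an oversized transform fails instead of exhausting the host. It assumes Linux (where RLIMIT_AS is enforced); the helper names, the 1 GiB cap and the stand-in child processes are constructed for illustration.

```python
import resource
import subprocess
import sys


def run_capped(argv, max_bytes, timeout=60):
    """Run argv with its address space capped at max_bytes (RLIMIT_AS).

    Returns (returncode, stderr_text). A child that tries to grow past the
    cap gets allocation failures instead of driving the machine into swap/OOM.
    """
    def limit():
        # Runs in the child between fork() and exec().
        _, hard = resource.getrlimit(resource.RLIMIT_AS)
        cap = max_bytes if hard == resource.RLIM_INFINITY else min(max_bytes, hard)
        resource.setrlimit(resource.RLIMIT_AS, (cap, cap))

    proc = subprocess.run(argv, preexec_fn=limit, capture_output=True,
                          text=True, timeout=timeout)
    return proc.returncode, proc.stderr


def xsltproc_argv(stylesheet, document):
    """Command line for a capped xsltproc run (hypothetical helper).

    --nonet keeps DTDs and entities from being fetched over the network;
    the memory cap itself comes from run_capped(), not from xsltproc.
    """
    return ["xsltproc", "--nonet", stylesheet, document]


def demo():
    """Show the cap on constructed stand-ins for a large and a small job."""
    cap = 1 << 30  # 1 GiB, an assumed budget; size it to the real workload
    hungry = [sys.executable, "-c", "bytearray(2 << 30)"]  # wants 2 GiB
    small = [sys.executable, "-c", "bytearray(1 << 20)"]   # wants 1 MiB
    return run_capped(hungry, cap)[0], run_capped(small, cap)[0]


if __name__ == "__main__":
    hungry_rc, small_rc = demo()
    print("over-budget job exit code:", hungry_rc)
    print("in-budget job exit code:", small_rc)
```

For a real run, pass `xsltproc_argv(stylesheet, document)` to `run_capped()` and treat a non-zero return code as a rejected input.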


