RuntimeError "entity expansion has grown too large" with default entities in REXML::Parsers::BaseParser after 3.3.3

[vikiv480]

Why?

We are using the ruby/rss gem to parse XML feeds and we get RuntimeErrors “entity expansion has grown too large” since rexml 3.3.3 even though there is only default entities in the feeds.

How to reproduce

Code:

# rexml/refactor_entity_example.rb

$LOAD_PATH.unshift(File.expand_path("lib"))

require "rexml/parsers/baseparser"

valid_feed = "<p>#{'A' * 10_240}</p>"

base_parser = REXML::Parsers::BaseParser.new("")
base_parser.unnormalize(valid_feed) # => "<p>" + "A" * 10_240 + "</p>"

Error:

❯ bundle exec ruby refactor_entity_example.rb
/Users/vikiv/repos/rexml/lib/rexml/parsers/baseparser.rb:558:in `block in unnormalize': entity expansion has grown too large (RuntimeError)
	from /Users/vikiv/repos/rexml/lib/rexml/parsers/baseparser.rb:551:in `each'
	from /Users/vikiv/repos/rexml/lib/rexml/parsers/baseparser.rb:551:in `unnormalize'
	from refactor_entity_example.rb:8:in `<main>'

Suggestion



I suggest we change #entity/#unnormalize to not raise the RuntimeError “entity expansion has grown too large” when the feed consists of only default entities.

diff --git a/lib/rexml/parsers/baseparser.rb b/lib/rexml/parsers/baseparser.rb
index 342f948..d560d3a 100644
--- a/lib/rexml/parsers/baseparser.rb
+++ b/lib/rexml/parsers/baseparser.rb
@@ -505,15 +505,13 @@ module REXML
       private :pull_event

       def entity( reference, entities )
-        value = nil
         value = entities[ reference ] if entities
         if value
           record_entity_expansion
-        else
-          value = DEFAULT_ENTITIES[ reference ]
-          value = value[2] if value
+          return unnormalize( value, entities ) if value
         end
-        unnormalize( value, entities ) if value
+
+        nil
       end

       # Escapes all possible entities