Bug in 2.016 can cause rss feeds to hang

Started by dcmouser, December 29, 2019, 10:18:27 AM


dcmouser

Looks to me like the new 2.016 release has a bug in News.php serving rss feeds.  Took me a while to figure out why our server load was slowly growing out of control -- turns out some rss feeds were hanging in a php infinite loop.
In the function cdata_parse, 2.016 made a change to v2.015, replacing:
elseif ($smcFunc['substr']($data, $pos, 1) == ']')
{
    $cdata .= ']]>&#093;<![CDATA[';
    $pos++;
}


with

elseif ($smcFunc['substr']($data, $pos, 3) == ']]>')
{
    $cdata .= ']]]]><![CDATA[>';
    $pos = $pos + 3;
}


The problem is that the way the function is written, this can cause an infinite loop if it is parsing a post with a ] character in it, because there is no auto-incrementing of the $pos variable and it essentially keeps finding the same ']' and not advancing over it.  The $pos variable essentially loops forever without incrementing, causing an infinite loop.

One way to fix it is to add back in the old code from 2.015, another is to add a catch-all at the end of the elseif blocks like so:
else {
    // ATTN: 12/29/19 alternate fix for bug introduced in 2.0.16, where $pos stays stuck on a [
    // force advance $pos past this character
    $pos++;
}


(Another way would be to start the loop with $pos = -1 and check to make sure $pos>$old where it makes similar checks).

proud member of donationcoder.com (forum)

Illori

We are well aware of this issue. We are working on getting a patch out to fix this.

m4z

Thanks for the detailed explanation and fix! <3 You're awesome!
"Faith is what you have in things that don't exist."
--Homer Simpson

There is a German support board here in the forum!

SleePy

In News.php

Find:

$positions = array(
    $smcFunc['strpos']($data, '&', $pos),
    $smcFunc['strpos']($data, ']', $pos),
);


Replace with:

$positions = array(
    $smcFunc['strpos']($data, '&', $pos),
    $smcFunc['strpos']($data, ']]>', $pos),
);


This will be fixed in the next release (2.0.17).  You will have to revert this change to get 2.0.17 to apply cleanly.
Jeremy D ~ Site Team / SMF Developer ~ GitHub Profile ~ Join us on IRC @ Libera.chat/#smf ~ Support the SMF Support team!
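
The stall described in the first post and the search-string change in the reply above, as an added example (not SMF's code and not written by any poster in this thread). It is a reduced model that assumes the loop searches for a marker, copies the plain run, then branches; plain strpos()/substr() stand in for the $smcFunc wrappers, the '&' branch is omitted, and cdata_scan and its progress guard are hypothetical names added so the 2.0.16 behaviour raises an exception instead of hanging.

```php
<?php
// Added illustration: a reduced model of the scan loop, not SMF's cdata_parse().
// Assumptions: plain strpos()/substr() replace $smcFunc; '&' handling is omitted.
function cdata_scan(string $data, string $needle): string
{
    $cdata = '<![CDATA[';
    $n = strlen($data);

    for ($pos = 0; $pos < $n; ) {
        $old = $pos;
        $hit = strpos($data, $needle, $pos);
        $pos = ($hit === false) ? $n : $hit;

        // Copy the plain run between the previous position and the hit.
        if ($pos > $old)
            $cdata .= substr($data, $old, $pos - $old);
        if ($pos >= $n)
            break;

        if (substr($data, $pos, 3) === ']]>') {
            // Split the terminator so it never sits inside one CDATA section.
            $cdata .= ']]]]><![CDATA[>';
            $pos += 3;
        }

        // Progress guard (added for this demo): an iteration that neither copied
        // nor consumed anything would repeat forever, so fail loudly instead.
        if ($pos === $old)
            throw new RuntimeException("no progress at offset $pos");
    }
    return $cdata . ']]>';
}

// Constructed sample post bodies, run against both search strings.
foreach (['a]b', 'x]]>y'] as $sample) {
    foreach ([']' => '2.0.16 search', ']]>' => 'corrected search'] as $needle => $label) {
        try {
            $result = cdata_scan($sample, $needle);
        } catch (RuntimeException $e) {
            $result = 'STALLED: ' . $e->getMessage();
        }
        echo "$label, input '$sample': $result\n";
    }
}
```

In this model only the combination of searching for ']' while branching on ']]>' stalls, and only on input with a ']' that does not begin ']]>'; a per-iteration progress check of this kind turns such a regression into a logged error rather than a request that spins until the server is overloaded.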

spiros

So if someone has not applied 2.0.16 yet, both 2.0.16 and 2.0.17 should be applied when updating?

m4z

As stated in the release announcement, that depends. If you use the incremental patches, then yes. (But 2.0.17 isn't released yet.)

spiros


shawnb61

Address the process rather than the outcome.  Then, the outcome becomes more likely.   - Fripp
