Maximum recursion depth issue in rendering templates

14 views
Skip to first unread message

Richard Liao

unread,
Aug 23, 2008, 9:59:03 PM8/23/08
to trac...@googlegroups.com
Hi all.

I have met a trac crash when I was trying to create new ticket or
access admin pages.
The trac crashes hardly with error: "segmentation fault" in my FreeBSD box.
After some digging, I found the problem lays in genshi's transform module.

The following is a test script to reproduce that hard crashe by
setting recursion limit exceeds the platform's capabilities:

import sys
from genshi.input import HTML
from genshi.builder import tag
from genshi.filters.transform import Transformer
sys.setrecursionlimit(1000 * 20)
stream = HTML('<html><head><title>Some Title</title></head>'
'<body>Some <em>body</em> text.</body></html>')
for i in xrange(1000 * 10):
stream = stream | Transformer('body').prepend(tag.h1('Document Title'))
print stream.render()

If comment out setrecursionlimit line to use system default recursion
limit, it raises exception: "RuntimeError: maximum recursion depth
exceeded".

File ".../genshi/filters/transform.py", line 686, in _unmark
for mark, event in stream:
File ".../genshi/filters/transform.py", line 1129, in __call__
for mark, event in stream:
File ".../genshi/filters/transform.py", line 713, in __call__
for mark, event in stream:
File ".../genshi/filters/transform.py", line 682, in _mark
for event in stream:
File ".../genshi/core.py", line 267, in _ensure
event = stream.next()
File ".../genshi/filters/transform.py", line 686, in _unmark
for mark, event in stream:
File ".../genshi/filters/transform.py", line 1129, in __call__
for mark, event in stream:
File ".../genshi/filters/transform.py", line 713, in __call__
for mark, event in stream:
File ".../genshi/filters/transform.py", line 682, in _mark
for event in stream:
File ".../genshi/core.py", line 267, in _ensure
event = stream.next()
...

The problem is that the transform module is in very deep and unlimited
recursion.

I think it's a problem in genshi, maybe also in trac?

I am not sure why trac crashes siliently with no exception raised
after I searched trac source codes but can't find any lines about
setrecursionlimit.

Has anyone got the same situation?

Regards,

Richard Liao

unread,
Sep 1, 2008, 9:12:12 AM9/1/08
to Trac Development
I searched days ago, and think we need do something to this problem,
because this can be a serious security problem in some circumstances.
Think of that someone trigger this function by adding a very long
template, the server will die siliently.

Noah Kantrowitz

unread,
Sep 1, 2008, 12:14:19 PM9/1/08
to trac...@googlegroups.com
Richard Liao wrote:
> I searched days ago, and think we need do something to this problem,
> because this can be a serious security problem in some circumstances.
> Think of that someone trigger this function by adding a very long
> template, the server will die siliently.
>

Don't throw around the term "security issue" unless you can back it up.
This is at worst an annoyance, however I don't know of any way to
exploit it remotely or do anything worse than DoS the server should the
admin leave a broken page up.

This is also not a Trac issue, it is a design problem in Genshi. The
simple solution is stop nesting filters so deeply.

--Noah

signature.asc

RjOllos

unread,
Jul 15, 2015, 7:31:46 PM7/15/15
to trac...@googlegroups.com
After reading the comments here and in (1), with my limited knowledge of Genshi I implemented a workaround for the same issue in (2). I'm interested to know if anyone has an idea of a better way to append a column to a long table using Genshi. I might just switch to a JavaScript implementation.

Reply all
Reply to author
Forward
0 new messages