From 44050dca2ce9425716b956b8cd9502444ce4c3b3 Mon Sep 17 00:00:00 2001 From: Kunal Mehta Date: Wed, 10 Mar 2021 10:24:23 -0800 Subject: [PATCH] SECURITY: Disable "sml" because of infinite loop DoS (CVE-2021-20270) It is possible to trigger an infinite loop in "sml", causing a DoS. SyntaxHighlight will fall back to displaying the code as
preformatted text instead.

Bug: T276843
Change-Id: Iecdcc98d9d2eb838c7192171bca34d79f031213c
---
 SyntaxHighlight.lexers.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/SyntaxHighlight.lexers.php b/SyntaxHighlight.lexers.php
index f64672e..6f1a67c 100644
--- a/SyntaxHighlight.lexers.php
+++ b/SyntaxHighlight.lexers.php
@@ -572,7 +572,8 @@ return [
 	'smali',
 	'smalltalk',
 	'smarty',
-	'sml',
+	// Disabled because of CVE-2021-20270
+	// 'sml',
 	'snobol',
 	'snowball',
 	'sources.list',
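Review bot: The comment on the disabled `'sml'` entry names the CVE but gives no condition for re-enabling it. A hand edit like this is also easy to lose if the list is ever regenerated from the bundled Pygments lexer set; that is not visible from this hunk, so it is worth confirming. I would extend the comment to something like `// Disabled because of CVE-2021-20270 (T276843): infinite loop DoS in this lexer; re-enable only once the bundled Pygments carries the upstream fix`. Any other alias in the list that resolves to the same lexer would need the same treatment, though none appears in the visible lines. The `return [` array begins and ends outside the hunk.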
-- 
2.29.2