From 1cd6f203eebf474f1c80865da609b4302dea2d94 Mon Sep 17 00:00:00 2001
From: Darian Anthony Patrick <dpatrick@wikimedia.org>
Date: Mon, 25 Apr 2016 11:55:18 -0700
Subject: [PATCH] Skip shell invocation on large input

Add a sanity check to the math extension that skips shelling out to
texvc if the input is insanely large.

Bug: T129506
Change-Id: I755a6de740bdfd9448d5ed654bdef6cbdd4a9498
---
 MathInputCheckTexvc.php | 4 ++++
 MathTexvc.php           | 4 ++++
 2 files changed, 8 insertions(+)

diff --git a/MathInputCheckTexvc.php b/MathInputCheckTexvc.php
index 419df64..09a8f35 100644
--- a/MathInputCheckTexvc.php
+++ b/MathInputCheckTexvc.php
@@ -75,6 +75,10 @@ class MathInputCheckTexvc extends MathInputCheck {
 		}
 
 		wfDebugLog( 'Math', "TeX check command: $cmd\n" );
+		if ( strlen( $cmd ) > SHELL_MAX_ARG_STRLEN ) {
+			wfDebugLog( 'Math', "User input exceeded SHELL_MAX_ARG_STRLEN.\n" );
+			return $this->convertTexvcError('');
+		}
 		$contents = wfShellExec( $cmd );
 		wfDebugLog( 'Math', "TeX check result:\n $contents\n---\n" );
 
diff --git a/MathTexvc.php b/MathTexvc.php
index 37e4b70..cb04e25 100644
--- a/MathTexvc.php
+++ b/MathTexvc.php
@@ -144,6 +144,10 @@ class MathTexvc extends MathRenderer {
 		wfDebugLog( 'Math', "TeX: $cmd\n" );
 		wfDebugLog( 'texvc', "Executing '$cmd'." );
 		$retval = null;
+		if ( strlen( $cmd ) > SHELL_MAX_ARG_STRLEN ) {
+			wfDebugLog( 'Math', "User input exceeded SHELL_MAX_ARG_STRLEN.\n" );
+			return $this->getError( 'math_unknown_error' );
+		}
 		$contents = wfShellExec( $cmd, $retval );
 		wfDebugLog( 'Math', "TeX output:\n $contents\n---\n" );
 
-- 
2.5.4 (Apple Git-61)