From eb9b46962020b2c7d4ffe6fbd1579f8eeded246d Mon Sep 17 00:00:00 2001
From: Darian Anthony Patrick <dpatrick@wikimedia.org>
Date: Tue, 19 Apr 2016 10:29:10 -0700
Subject: [PATCH] Skip shell invocation on large input

Add a sanity check to the math extension that skips shelling out to
texvc if the input is insanely large.

Bug: T129506
Change-Id: I2c7b6561464bddb4c3eab9230fa8168b24adaa37
---
 MathInputCheckTexvc.php | 6 ++++++
 MathTexvc.php           | 6 ++++++
 2 files changed, 12 insertions(+)

diff --git a/MathInputCheckTexvc.php b/MathInputCheckTexvc.php
index 59849d6..6cbc1d4 100644
--- a/MathInputCheckTexvc.php
+++ b/MathInputCheckTexvc.php
@@ -75,6 +75,12 @@ class MathInputCheckTexvc extends MathInputCheck {
 			return true;
 		}
 
+		if ( strlen( $this->inputTeX() ) > WF_MAX_SHELL_ARG_STRLEN ) {
+			LoggerFactory::getInstance( 'Math' )->error(
+				"User input exceeded WF_MAX_SHELL_ARG_STRLEN." );
+			return $this->getError( 'math_unknown_error' );
+		}
+
 		$cmd = $texvcCheckExecutable . ' ' . wfEscapeShellArg( $this->inputTeX );
 
 		if ( wfIsWindows() ) {
diff --git a/MathTexvc.php b/MathTexvc.php
index 7369c9f..404862c 100644
--- a/MathTexvc.php
+++ b/MathTexvc.php
@@ -190,6 +190,12 @@ class MathTexvc extends MathRenderer {
 			return $this->getError( 'math_notexvc' );
 		}
 
+		if ( strlen( $this->getUserInputTex() ) > WF_MAX_SHELL_ARG_STRLEN ) {
+			LoggerFactory::getInstance( 'Math' )->error(
+				"User input exceeded WF_MAX_SHELL_ARG_STRLEN." );
+			return $this->getError( 'math_unknown_error' );
+		}
+
 		$escapedTmpDir = wfEscapeShellArg( $tmpDir );
 
 		$cmd = $texvc . ' ' .
-- 
2.5.4 (Apple Git-61)