Instantly bail out from the resolver on too long placeables

stasm · stasm · commit aec37fa4548e · 2019-07-18T11:29:53.000+02:00
diff --git a/fluent/src/bundle.js b/fluent/src/bundle.js
@@ -1,5 +1,6 @@
 import {resolveComplexPattern} from "./resolver.js";
 import FluentResource from "./resource.js";
+import { FluentNone } from "./types.js";
 
 /**
  * Message bundles are single-language stores of translations.  They are
@@ -220,8 +221,13 @@ export default class FluentBundle {
     // Resolve a complex pattern.
     if (Array.isArray(pattern)) {
       let scope = this._createScope(args, errors);
-      let value = resolveComplexPattern(scope, pattern);
-      return value.toString(scope);
+      try {
+        let value = resolveComplexPattern(scope, pattern);
+        return value.toString(scope);
+      } catch (err) {
+        scope.errors.push(err);
+        return new FluentNone().toString(scope);
+      }
     }
 
     throw new TypeError("Invalid Pattern type");
diff --git a/fluent/src/resolver.js b/fluent/src/resolver.js
@@ -283,14 +283,15 @@ export function resolveComplexPattern(scope, ptn) {
     }
 
     if (part.length > MAX_PLACEABLE_LENGTH) {
-      scope.errors.push(
-        new RangeError(
-          "Too many characters in placeable " +
-          `(${part.length}, max allowed is ${MAX_PLACEABLE_LENGTH})`
-        )
-      );
       scope.dirty.delete(ptn);
-      return new FluentNone();
+      // This is a fatal error which causes the resolver to instantly bail out
+      // on this pattern. The length check protects against excessive memory
+      // usage, and throwing protects against eating up the CPU when long
+      // placeables are deeply nested.
+      throw new RangeError(
+        "Too many characters in placeable " +
+        `(${part.length}, max allowed is ${MAX_PLACEABLE_LENGTH})`
+      );
     }
 
     result.push(part);
diff --git a/fluent/test/bomb_test.js b/fluent/test/bomb_test.js
@@ -13,8 +13,6 @@ suite('Reference bombs', function() {
   });
 
   suite('Billion Laughs', function(){
-    this.timeout(10000);
-
     suiteSetup(function() {
       bundle = new FluentBundle('en-US', { useIsolating: false });
       bundle.addMessages(ftl`
@@ -35,11 +33,8 @@ suite('Reference bombs', function() {
     test('does not expand all placeables', function() {
       const msg = bundle.getMessage('lolz');
       const val = bundle.formatPattern(msg.value, args, errs);
-      assert.strictEqual(
-        val,
-        '{???} {???} {???} {???} {???} {???} {???} {???} {???} {???}'
-      );
-      assert.strictEqual(errs.length, 10010);
+      assert.strictEqual(val, '{???}');
+      assert.strictEqual(errs.length, 1);
     });
   });
 });
