util.xml: Break reference to help the GC (fix #1711)

LuaExpat uses a registry reference to track handlers, which makes
it so that an upvalue like this creates a reference loop that keeps the
parser and its handlers from being garbage collected. The same issue has
affected util.xmppstream in the past.

Code for checking:

	local xml_parse = require"util.xml".parse;
	for i = 1, 10000 do xml_parse("<root/>") end
	collectgarbage(); collectgarbage();
	print(collectgarbage("count"), "KiB");

A future release of LuaExpat may fix the underlying issue there.

1 files changed, 4 insertions, 5 deletions

diff --git a/util/xml.lua b/util/xml.lua
index 700da1d4b..72f1a26b2 100644
--- a/util/xml.lua
+++ b/util/xml.lua
@@ -65,27 +65,26 @@ local parse_xml = (function()
 		function handler:EndElement()
 			stanza:up();
 		end
-		local parser;
 		-- SECURITY: These two handlers, especially the Doctype one, are required to prevent exploits such as Billion Laughs.
 		function handler:StartDoctypeDecl()
-			if not parser.stop or not parser:stop() then
+			if not self.stop or not self:stop() then
 				error("Failed to abort parsing");
 			end
 		end
 		function handler:ProcessingInstruction()
-			if not parser.stop or not parser:stop() then
+			if not self.stop or not self:stop() then
 				error("Failed to abort parsing");
 			end
 		end
 		if not options or not options.allow_comments then
 			-- NOTE: comments are generally harmless and can be useful when parsing configuration files or other data, even user-provided data
 			function handler:Comment()
-				if not parser.stop or not parser:stop() then
+				if not self.stop or not self:stop() then
 					error("Failed to abort parsing");
 				end
 			end
 		end
-		parser = lxp.new(handler, ns_separator);
+		local parser = lxp.new(handler, ns_separator);
 		local ok, err, line, col = parser:parse(xml);
 		if ok then ok, err, line, col = parser:parse(); end
 		--parser:close();