From 6dde8685ed3f19837767bce7a13a5491e3d0e0bf Mon Sep 17 00:00:00 2001
From: Guillaume Ayoub <guillaume@courtbouillon.org>
Date: Tue, 10 Mar 2026 14:39:15 +0100
Subject: [PATCH] Abort when more than 100k referenced elements are rendered

This avoid exponential complexity with nested use tags.
---
 cairosvg/defs.py    | 3 +++
 cairosvg/surface.py | 1 +
 2 files changed, 4 insertions(+)

Index: CairoSVG-2.7.1/cairosvg/defs.py
===================================================================
--- CairoSVG-2.7.1.orig/cairosvg/defs.py
+++ CairoSVG-2.7.1/cairosvg/defs.py
@@ -331,6 +331,9 @@ def apply_filter_after_painting(surface,
 
 def use(surface, node):
     """Draw the content of another SVG node."""
+    surface.reference_count += 1
+    if not node.unsafe and surface.reference_count > 100_000:
+        raise ValueError('Abort rendering: more than 100 000 referenced elements')
     surface.context.save()
     surface.context.translate(
         size(surface, node.get('x'), 'x'), size(surface, node.get('y'), 'y'))
Index: CairoSVG-2.7.1/cairosvg/surface.py
===================================================================
--- CairoSVG-2.7.1.orig/cairosvg/surface.py
+++ CairoSVG-2.7.1/cairosvg/surface.py
@@ -159,6 +159,7 @@ class Surface(object):
         self.cursor_d_position = [0, 0]
         self.text_path_width = 0
         self.tree_cache = {(tree.url, tree.get('id')): tree}
+        self.reference_count = 0
         if parent_surface:
             self.markers = parent_surface.markers
             self.gradients = parent_surface.gradients