xzyang / rpms / libxml2

Forked from rpms/libxml2 3 years ago

Blame SOURCES/libxml2-Another-variation-of-overflow-in-Conditional-sections.patch

6dedca
From 8d9f8c6dca5fd34743ed11ef0c570c4306db10e5 Mon Sep 17 00:00:00 2001
From: Daniel Veillard <veillard@redhat.com>
Date: Fri, 23 Oct 2015 19:02:28 +0800
Subject: [PATCH] Another variation of overflow in Conditional sections
To: libvir-list@redhat.com
Which happens after the previous fix to
https://bugzilla.gnome.org/show_bug.cgi?id=756456
But stopping the parser and exiting we didn't pop the intermediary entities
and doing the SKIP there applies on an input which may be too small
Signed-off-by: Daniel Veillard <veillard@redhat.com>
---
 parser.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/parser.c b/parser.c
index e2e0ad8..4926ab0 100644
--- a/parser.c
+++ b/parser.c
@@ -6895,7 +6895,9 @@ xmlParseConditionalSections(xmlParserCtxtPtr ctxt) {
 	"All markup of the conditional section is not in the same entity\n",
 				 NULL, NULL);
 	}
-        SKIP(3);
+	if ((ctxt-> instate != XML_PARSER_EOF) &&
+	    ((ctxt->input->cur + 3) < ctxt->input->end))
+	    SKIP(3);
     }
 }
 
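Review bot: The new bounds test `((ctxt->input->cur + 3) < ctxt->input->end)` forms the pointer `cur + 3` before comparing it, so when fewer than three bytes remain the check itself does out-of-range pointer arithmetic; comparing the remaining length instead, `(ctxt->input->end - ctxt->input->cur) > 3`, expresses the same condition without that. The strict `<` also means nothing is skipped when exactly three bytes remain, which deserves a short comment saying it is intended. When the guard fails the function falls through to its end silently, and the hunk only avoids the skip rather than popping the intermediary entities the commit message mentions, so a comment on why that is safe would help. The diffstat touches only parser.c; a regression input for this variation would keep it from coming back. Minor: `ctxt-> instate` has a stray space after the arrow.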
-- 
2.5.0