xzyang / rpms / libxml2

Forked from rpms/libxml2 3 years ago

Blame SOURCES/libxml2-Another-variation-of-overflow-in-Conditional-sections.patch

From 8d9f8c6dca5fd34743ed11ef0c570c4306db10e5 Mon Sep 17 00:00:00 2001
From: Daniel Veillard <veillard@redhat.com>
Date: Fri, 23 Oct 2015 19:02:28 +0800
Subject: [PATCH] Another variation of overflow in Conditional sections
To: libvir-list@redhat.com

Which happens after the previous fix to
https://bugzilla.gnome.org/show_bug.cgi?id=756456

But stopping the parser and exiting we didn't pop the intermediary entities
and doing the SKIP there applies on an input which may be too small

Signed-off-by: Daniel Veillard <veillard@redhat.com>
---
 parser.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/parser.c b/parser.c
index e2e0ad8..4926ab0 100644
--- a/parser.c
+++ b/parser.c
@@ -6895,7 +6895,9 @@ xmlParseConditionalSections(xmlParserCtxtPtr ctxt) {
 	"All markup of the conditional section is not in the same entity\n",
 				 NULL, NULL);
 	}
-        SKIP(3);
+	if ((ctxt-> instate != XML_PARSER_EOF) &&
+	    ((ctxt->input->cur + 3) < ctxt->input->end))
+	    SKIP(3);
     }
 }
 
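Review bot: the bound on the second added line, `((ctxt->input->cur + 3) < ctxt->input->end)`, is strict, so SKIP(3) is also suppressed when exactly three bytes remain, a case where the skip would land on `end` rather than past it; and when fewer than three bytes remain, `cur + 3` is already formed beyond the buffer before it is compared. Testing the remaining length instead, `(ctxt->input->end - ctxt->input->cur) >= 3`, avoids both; if the strict bound is intentional, a short comment saying why would help. The commit message also says the intermediary entities were not popped, but the hunk only guards the SKIP: when the check fails the function falls through with no diagnostic, so it is worth confirming that the unpopped inputs are handled by the caller. Minor style: `ctxt-> instate` has a stray space after the arrow, and the added lines are tab-indented where the removed `SKIP(3);` used spaces.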
-- 
2.5.0