|
 |
267d54 |
From ebf48b59943833b5f57e909e5d00f0d6e75e874e Mon Sep 17 00:00:00 2001
|
|
|
267d54 |
From: Hugh Davenport <hugh@allthethings.co.nz>
|
|
|
267d54 |
Date: Fri, 20 Nov 2015 17:16:06 +0800
|
|
|
267d54 |
Subject: [PATCH] CVE-2015-8242 Buffer overead with HTML parser in push mode
|
|
|
267d54 |
To: libvir-list@redhat.com
|
|
|
267d54 |
|
|
|
267d54 |
For https://bugzilla.gnome.org/show_bug.cgi?id=756372
|
|
|
267d54 |
Error in the code pointing to the codepoint in the stack for the
|
|
|
267d54 |
current char value instead of the pointer in the input that the SAX
|
|
|
267d54 |
callback expects
|
|
|
267d54 |
Reported and fixed by Hugh Davenport
|
|
|
267d54 |
|
|
|
267d54 |
Signed-off-by: Daniel Veillard <veillard@redhat.com>
|
|
|
267d54 |
---
|
|
|
267d54 |
HTMLparser.c | 6 +++---
|
|
|
267d54 |
1 file changed, 3 insertions(+), 3 deletions(-)
|
|
|
267d54 |
|
|
|
267d54 |
diff --git a/HTMLparser.c b/HTMLparser.c
|
|
|
267d54 |
index cab499a..4331d53 100644
|
|
|
267d54 |
--- a/HTMLparser.c
|
|
|
267d54 |
+++ b/HTMLparser.c
|
|
|
267d54 |
@@ -5708,17 +5708,17 @@ htmlParseTryOrFinish(htmlParserCtxtPtr ctxt, int terminate) {
|
|
|
267d54 |
if (ctxt->keepBlanks) {
|
|
|
267d54 |
if (ctxt->sax->characters != NULL)
|
|
|
267d54 |
ctxt->sax->characters(
|
|
|
267d54 |
- ctxt->userData, &cur, 1);
|
|
|
267d54 |
+ ctxt->userData, &in->cur[0], 1);
|
|
|
267d54 |
} else {
|
|
|
267d54 |
if (ctxt->sax->ignorableWhitespace != NULL)
|
|
|
267d54 |
ctxt->sax->ignorableWhitespace(
|
|
|
267d54 |
- ctxt->userData, &cur, 1);
|
|
|
267d54 |
+ ctxt->userData, &in->cur[0], 1);
|
|
|
267d54 |
}
|
|
|
267d54 |
} else {
|
|
|
267d54 |
htmlCheckParagraph(ctxt);
|
|
|
267d54 |
if (ctxt->sax->characters != NULL)
|
|
|
267d54 |
ctxt->sax->characters(
|
|
|
267d54 |
- ctxt->userData, &cur, 1);
|
|
|
267d54 |
+ ctxt->userData, &in->cur[0], 1);
|
|
|
267d54 |
}
|
|
|
267d54 |
}
|
|
|
267d54 |
ctxt->token = 0;
|
|
|
267d54 |
--
|
|
|
267d54 |
2.5.0
|
|
|
267d54 |
|