summary refs log tree commit diff
path: root/gnu/packages/patches/libxml2-CVE-2016-1762.patch
blob: 15ec6a0aee1bf120d7bb8d9d3f6f7802fb4c7799 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
Copied from Debian.

From a7a94612aa3b16779e2c74e1fa353b5d9786c602 Mon Sep 17 00:00:00 2001
From: Daniel Veillard <veillard@redhat.com>
Date: Tue, 9 Feb 2016 12:55:29 +0100
Subject: [PATCH] Heap-based buffer overread in xmlNextChar

For https://bugzilla.gnome.org/show_bug.cgi?id=759671

when the end of the internal subset isn't properly detected
xmlParseInternalSubset should just return instead of trying
to process input further.

[carnil: drop patches to testsuite files]
---

diff --git a/parser.c b/parser.c
index c5741e3..0677030 100644
--- a/parser.c
+++ b/parser.c
@@ -8468,6 +8468,7 @@ xmlParseInternalSubset(xmlParserCtxtPtr ctxt) {
      */
     if (RAW != '>') {
 	xmlFatalErr(ctxt, XML_ERR_DOCTYPE_NOT_FINISHED, NULL);
+	return;
     }
     NEXT;
 }
-- 
2.8.1