packages/libxml2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
libxml2/backport-malloc-fail-Fix-buffer-overread-after-htmlParseScrip.patch
zhuofeng feb7e8218d backport upstream patches 
(cherry picked from commit ec64ed27a9add0f7a9bf6ee351ad67302a60c383)
2023-06-20 11:16:46 +08:00

38 lines
1.0 KiB
Diff
Raw Permalink Blame History

From 44ecefc8cc299a66ac21ffec141eb261e92638da Mon Sep 17 00:00:00 2001
From: Nick Wellnhofer <wellnhofer@aevum.de>
Date: Mon, 20 Mar 2023 15:52:38 +0100
Subject: [PATCH] malloc-fail: Fix buffer overread after htmlParseScript
Found by OSS-Fuzz, see #344.
Reference:https://github.com/GNOME/libxml2/commit/44ecefc8cc299a66ac21ffec141eb261e92638da
Conflict:HTMLparser.c
---
HTMLparser.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/HTMLparser.c b/HTMLparser.c
index 0cc9824..4f1a3d8 100644
--- a/HTMLparser.c
+++ b/HTMLparser.c
@@ -3137,6 +3137,7 @@ htmlParseScript(htmlParserCtxtPtr ctxt) {
htmlParseErrInt(ctxt, XML_ERR_INVALID_CHAR,
"Invalid char in CDATA 0x%X\n", cur);
}
+ NEXTL(l);
if (nbchar >= HTML_PARSER_BIG_BUFFER_SIZE) {
buf[nbchar] = 0;
if (ctxt->sax->cdataBlock!= NULL) {
@@ -3149,7 +3150,6 @@ htmlParseScript(htmlParserCtxtPtr ctxt) {
}
nbchar = 0;
}
- NEXTL(l);
GROW;
cur = CUR_CHAR(l);
}
--
2.27.0
Reference in New Issue View Git Blame Copy Permalink