xml do not crash parsing empty XML string

2022-11-09 03:07:31 +00:00 · 2022-11-09 03:07:31 +00:00 · ef44aeb069
commit ef44aeb069
parent 725786b2c5
2 changed files with 58 additions and 1 deletions
--- a/backport-xml-Don-t-crash-parsing-empty-XML-string.patch
+++ b/backport-xml-Don-t-crash-parsing-empty-XML-string.patch
@ -0,0 +1,50 @@
+From a217a9fea1a1cfb2bee3263b0ea08b860535af8d Mon Sep 17 00:00:00 2001
+From: Christophe Fergeau <cfergeau@redhat.com>
+Date: Mon, 16 Oct 2017 10:48:33 +0200
+Subject: [PATCH] xml: Don't crash parsing empty XML string
+
+Calling rest_xml_parser_parse_from_data() with an empty string ("")
+currently causes a crash as xmlReaderForMemory() returns NULL in that
+case, and we then try to dereference this pointer without checking it's
+non-NULL.
+
+https://bugzilla.gnome.org/show_bug.cgi?id=789053
+---
+ rest/rest-xml-parser.c | 3 +++
+ tests/xml.c            | 6 ++++++
+ 2 files changed, 9 insertions(+)
+
+diff --git a/rest/rest-xml-parser.c b/rest/rest-xml-parser.c
+index ffa6ff3..796052e 100644
+--- a/rest/rest-xml-parser.c
+++ b/rest/rest-xml-parser.c
+@@ -103,6 +103,9 @@ rest_xml_parser_parse_from_data (RestXmlParser *parser,
+                                NULL, /* URL? */
+                                NULL, /* encoding */
+                                XML_PARSE_RECOVER | XML_PARSE_NOCDATA);
+  if (reader == NULL) {
+      return NULL;
+  }
+   xmlTextReaderSetErrorHandler(reader, rest_xml_parser_xml_reader_error, NULL);
+ 
+   while (xmlTextReaderRead (reader) == 1)
+diff --git a/tests/xml.c b/tests/xml.c
+index 4b7718b..9d03e29 100644
+--- a/tests/xml.c
+++ b/tests/xml.c
+@@ -34,6 +34,12 @@ main (int argc, char **argv)
+ 
+   parser = rest_xml_parser_new ();
+ 
+  root = rest_xml_parser_parse_from_data (parser, "", -1);
+  g_assert (root == NULL);
+
+  root = rest_xml_parser_parse_from_data (parser, "<invalid", -1);
+  g_assert (root == NULL);
+
+   root = rest_xml_parser_parse_from_data (parser, TEST_XML, strlen (TEST_XML));
+   g_assert (root);
+ 
+-- 
+2.33.0
+
--- a/rest.spec
+++ b/rest.spec
@ -1,12 +1,13 @@
 Name:		rest
 Version:	0.8.1
-Release:	7
+Release:	8
 Summary:	A library for access to RESTful web services
 License:	LGPLv2
 URL:		https://www.gnome.org
 Source0:	https://download.gnome.org/sources/%{name}/0.8/%{name}-%{version}.tar.xz

 Patch0:		rest-0.8.0-fix-the-XML-test.patch
+Patch1:		backport-xml-Don-t-crash-parsing-empty-XML-string.patch

 BuildRequires:	glib2-devel libsoup-devel libxml2-devel gobject-introspection-devel
 BuildRequires:  gtk-doc autoconf automake libtool libxslt
@ -66,6 +67,12 @@ autoreconf -fiv
 %{_datadir}/gtk-doc/html/rest-0.7

 %changelog
+* Wed Nov 09 2022 zhouyihang <zhouyihang3@h-partners.com> - 0.8.1-8
+- Type:bugfix
+- Id:NA
+- SUG:NA
+- DESC:xml do not crash parsing empty XML string
+
 * Sat Nov 23 2019 openEuler Buildteam <buildteam@openeuler.org> - 0.8.1-7
 - Type:bugfix
 - Id:NA