f1ca092d73
https://secunia.com/advisories/53061/ https://bugzilla.gnome.org/show_bug.cgi?id=690202 ok ajacoutot@
33 lines
1.2 KiB
Plaintext
33 lines
1.2 KiB
Plaintext
$OpenBSD: patch-HTMLparser_c,v 1.1 2013/04/17 13:55:42 sthen Exp $
|
|
|
|
From de0cc20c29cb3f056062925395e0f68d2250a46f Mon Sep 17 00:00:00 2001
|
|
From: Daniel Veillard <veillard@redhat.com>
|
|
Date: Tue, 12 Feb 2013 08:55:34 +0000
|
|
Subject: Fix some buffer conversion issues
|
|
|
|
https://bugzilla.gnome.org/show_bug.cgi?id=690202
|
|
|
|
Buffer overflow errors originating from xmlBufGetInputBase in 2.9.0
|
|
The pointers from the context input were not properly reset after
|
|
that call which can do reallocations.
|
|
|
|
--- HTMLparser.c.orig Tue Sep 11 05:23:25 2012
|
|
+++ HTMLparser.c Wed Apr 17 14:33:44 2013
|
|
@@ -6054,6 +6054,8 @@ htmlParseChunk(htmlParserCtxtPtr ctxt, const char *chu
|
|
if ((in->encoder != NULL) && (in->buffer != NULL) &&
|
|
(in->raw != NULL)) {
|
|
int nbchars;
|
|
+ size_t base = xmlBufGetInputBase(in->buffer, ctxt->input);
|
|
+ size_t current = ctxt->input->cur - ctxt->input->base;
|
|
|
|
nbchars = xmlCharEncInput(in);
|
|
if (nbchars < 0) {
|
|
@@ -6061,6 +6063,7 @@ htmlParseChunk(htmlParserCtxtPtr ctxt, const char *chu
|
|
"encoder error\n", NULL, NULL);
|
|
return(XML_ERR_INVALID_ENCODING);
|
|
}
|
|
+ xmlBufSetInputBaseCur(in->buffer, ctxt->input, base, current);
|
|
}
|
|
}
|
|
}
|