components/tidy/patches/fix-heap-overflow.patch
author Mike Sullivan <Mike.Sullivan@Oracle.COM>
Thu, 16 Jun 2016 20:28:32 -0700
changeset 6235 309c116f1e44
parent 4467 775a857a1e2a
permissions -rw-r--r--
Close of build 102.
Fix tidy issue #217 - heap-buffer-overflow
https://github.com/htacg/tidy-html5/issues/217
See also:
https://bugzilla.redhat.com/show_bug.cgi?id=1228297
with git commit at:
https://github.com/htacg/tidy-html5/commit/c18f27a58792f7fbd0b30a0ff50d6b40a82f940d
(Note that this is for tidy5. This patch is for the previous version of tidy
so is not quite identical.)
CVE request: http://seclists.org/oss-sec/2015/q2/633
--- tidy-1.0.0/src/lexer.c.orig	2015-06-10 12:55:05.134948374 -0700
    18
+++ tidy-1.0.0/src/lexer.c	2015-06-10 12:54:58.445166530 -0700
    19
@@ -3465,16 +3465,17 @@
    20
         /* and prompts attributes unless --literal-attributes is set to yes      */
    21
         /* #994841 - Whitespace is removed from value attributes                 */
    22
 
    23
-        if (munge &&
    24
+        /* Issue #217 - Also only if/while (len > 0) - MUST NEVER GO NEGATIVE! */
    25
+        if ((len > 0) && munge &&
    26
             TY_(tmbstrcasecmp)(name, "alt") &&
    27
             TY_(tmbstrcasecmp)(name, "title") &&
    28
             TY_(tmbstrcasecmp)(name, "value") &&
    29
             TY_(tmbstrcasecmp)(name, "prompt"))
    30
         {
    31
-            while (TY_(IsWhite)(lexer->lexbuf[start+len-1]))
    32
+            while (TY_(IsWhite)(lexer->lexbuf[start+len-1]) && (len > 0))
    33
                 --len;
    34
 
    35
-            while (TY_(IsWhite)(lexer->lexbuf[start]) && start < len)
    36
+            while (TY_(IsWhite)(lexer->lexbuf[start]) && (start < len) && (len > 0))
    37
             {
    38
                 ++start;
    39
                 --len;