|
1 Patch origin: upstream |
|
2 Patch status: will be part of next version |
|
3 |
|
4 https://git.gnome.org/browse/libxml2/patch/?id=bd0526e66a56e75a18da8c15c4750db8f801c52d |
|
5 https://git.gnome.org/browse/libxml2/patch/?id=41ac9049a27f52e7a1f3b341f8714149fc88d450 |
|
6 |
|
7 From bd0526e66a56e75a18da8c15c4750db8f801c52d Mon Sep 17 00:00:00 2001 |
|
8 From: Daniel Veillard <[email protected]> |
|
9 Date: Fri, 23 Oct 2015 19:02:28 +0800 |
|
10 Subject: Another variation of overflow in Conditional sections |
|
11 |
|
12 Which happen after the previous fix to |
|
13 https://bugzilla.gnome.org/show_bug.cgi?id=756456 |
|
14 |
|
15 But stopping the parser and exiting we didn't pop the intermediary entities |
|
16 and doing the SKIP there applies on an input which may be too small |
|
17 --- |
|
18 parser.c | 4 +++- |
|
19 1 file changed, 3 insertions(+), 1 deletion(-) |
|
20 |
|
21 From 41ac9049a27f52e7a1f3b341f8714149fc88d450 Mon Sep 17 00:00:00 2001 |
|
22 From: Daniel Veillard <[email protected]> |
|
23 Date: Tue, 27 Oct 2015 10:53:44 +0800 |
|
24 Subject: Fix an error in previous Conditional section patch |
|
25 |
|
26 an off by one mistake in the change, led to error on correct |
|
27 document where the end of the included entity was exactly |
|
28 the end of the conditional section, leading to regtest failure |
|
29 --- |
|
30 parser.c | 2 +- |
|
31 1 file changed, 1 insertion(+), 1 deletion(-) |
|
32 |
|
33 diff --git a/parser.c b/parser.c |
|
34 index a65e4cc..b9217ff 100644 |
|
35 --- a/parser.c |
|
36 +++ b/parser.c |
|
37 @@ -6915,7 +6915,9 @@ xmlParseConditionalSections(xmlParserCtxtPtr ctxt) { |
|
38 "All markup of the conditional section is not in the same entity\n", |
|
39 NULL, NULL); |
|
40 } |
|
41 - SKIP(3); |
|
42 + if ((ctxt-> instate != XML_PARSER_EOF) && |
|
43 + ((ctxt->input->cur + 3) <= ctxt->input->end)) |
|
44 + SKIP(3); |
|
45 } |
|
46 } |
|
47 |
|
48 -- |
|
49 cgit v0.11.2 |
|
50 |