[libxml2] Heap-based buffer overread in xmlNextChar

From: Daniel Veillard <veillard src gnome org>
To: commits-list gnome org
Cc:
Subject: [libxml2] Heap-based buffer overread in xmlNextChar
Date: Tue, 9 Feb 2016 11:57:39 +0000 (UTC)

commit a7a94612aa3b16779e2c74e1fa353b5d9786c602
Author: Daniel Veillard <veillard redhat com>
Date:   Tue Feb 9 12:55:29 2016 +0100

    Heap-based buffer overread in xmlNextChar
    
    For https://bugzilla.gnome.org/show_bug.cgi?id=759671
    
    when the end of the internal subset isn't properly detected
    xmlParseInternalSubset should just return instead of trying
    to process input further.

 parser.c                       |    1 +
 result/errors/754946.xml.err   |   10 +++++-----
 result/errors/content1.xml.err |    2 +-
 result/valid/t8.xml.err        |    2 +-
 result/valid/t8a.xml.err       |    2 +-
 5 files changed, 9 insertions(+), 8 deletions(-)
---
diff --git a/parser.c b/parser.c
index c5741e3..0677030 100644
--- a/parser.c
+++ b/parser.c
@@ -8468,6 +8468,7 @@ xmlParseInternalSubset(xmlParserCtxtPtr ctxt) {
      */
     if (RAW != '>') {
        xmlFatalErr(ctxt, XML_ERR_DOCTYPE_NOT_FINISHED, NULL);
+       return;
     }
     NEXT;
 }
diff --git a/result/errors/754946.xml.err b/result/errors/754946.xml.err
index a75088b..c03e35b 100644
--- a/result/errors/754946.xml.err
+++ b/result/errors/754946.xml.err
@@ -11,9 +11,9 @@ Entity: line 1: parser error : DOCTYPE improperly terminated
 Entity: line 1: 
 A<lbbbbbbbbbbbbbbbbbbb_
 ^
-./test/errors/754946.xml:1: parser error : Start tag doesn't start and stop in the same entity
->%SYSTEM;<![
-         ^
-./test/errors/754946.xml:1: parser error : Extra content at the end of the document
->%SYSTEM;<![
+Entity: line 1: parser error : Start tag expected, '<' not found
+ %SYSTEM; 
          ^
+Entity: line 1: 
+A<lbbbbbbbbbbbbbbbbbbb_
+^
diff --git a/result/errors/content1.xml.err b/result/errors/content1.xml.err
index 425be39..9fcd603 100644
--- a/result/errors/content1.xml.err
+++ b/result/errors/content1.xml.err
@@ -13,4 +13,4 @@
                          ^
 ./test/errors/content1.xml:7: parser error : Start tag expected, '<' not found
 <!ELEMENT aElement (a |b * >
-                           ^
+                         ^
diff --git a/result/valid/t8.xml.err b/result/valid/t8.xml.err
index d795788..1a3c006 100644
--- a/result/valid/t8.xml.err
+++ b/result/valid/t8.xml.err
@@ -16,4 +16,4 @@ Entity: line 1: parser error : Start tag expected, '<' not found
           ^
 Entity: line 1: 
 &lt;!ELEMENT root (middle) >
- ^
+^
diff --git a/result/valid/t8a.xml.err b/result/valid/t8a.xml.err
index d795788..1a3c006 100644
--- a/result/valid/t8a.xml.err
+++ b/result/valid/t8a.xml.err
@@ -16,4 +16,4 @@ Entity: line 1: parser error : Start tag expected, '<' not found
           ^
 Entity: line 1: 
 &lt;!ELEMENT root (middle) >
- ^
+^

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]