[libxml2] Fix infinite loop in HTML parser introduced with recent commits

From: Nick Wellnhofer <nwellnhof src gnome org>
To: commits-list gnome org
Cc:
Subject: [libxml2] Fix infinite loop in HTML parser introduced with recent commits
Date: Sun, 7 Feb 2021 13:40:38 +0000 (UTC)

commit 954696e7cf236c3aa71dc0b7f9e70d3f51e5cb07
Author: Nick Wellnhofer <wellnhofer aevum de>
Date:   Sun Feb 7 13:23:09 2021 +0100

    Fix infinite loop in HTML parser introduced with recent commits
    
    Check for XML_PARSER_EOF to avoid an infinite loop introduced with
    recent changes to the HTML push parser.
    
    Found by OSS-Fuzz.

 HTMLparser.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
---
diff --git a/HTMLparser.c b/HTMLparser.c
index 2877f4b7..14cc56fa 100644
--- a/HTMLparser.c
+++ b/HTMLparser.c
@@ -5872,7 +5872,8 @@ htmlParseTryOrFinish(htmlParserCtxtPtr ctxt, int terminate) {
                        xmlGenericError(xmlGenericErrorContext,
                                "HPP: Parsing char data\n");
 #endif
-                        while ((cur != '<') && (in->cur < in->end)) {
+                        while ((ctxt->instate != XML_PARSER_EOF) &&
+                               (cur != '<') && (in->cur < in->end)) {
                             if (cur == '&') {
                                htmlParseReference(ctxt);
                             } else {

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]