[xml] Buffer overflow error in entities.c

This is in libxml2 version 2.5.11.

Here's how to reproduce the problem: put the following two nonblank
lines into a file named "foo.xml":

        <?xml version="1.0"?>

Now type "xmllint foo.xml", and examine the output.  Notice that the
semicolon is missing.  That's the bug.

Here's the fix:

    cd /usr/local/src/libxml2-2.5.11/
    diff -wu /usr/local/src/libxml2-2.5.11/entities.c\~ /usr/local/src/libxml2-2.5.11/entities.c
    --- /usr/local/src/libxml2-2.5.11/entities.c~   2003-07-15 06:34:04.000000000 -0700
    +++ /usr/local/src/libxml2-2.5.11/entities.c    2003-10-01 10:48:20.000000000 -0700
    @@ -670,7 +670,7 @@
                     * We assume we have UTF-8 input.
    -               char buf[10], *ptr;
    +               char buf[11], *ptr;
                    int val = 0, l = 1;

                    if (*cur < 0xC0) {

    Diff finished at Wed Oct  1 11:10:41

(I tried to enter this bug into bugzilla.gnome.org, but that system
requires a password, and I got impatient waiting for the password to
be mailed to me.)

Asking the Iraqi people to assume Saddam's debts
is rather like telling a man who has been shot in the head
that he has to pay for the bullet.
        -- James Surowiecki

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]