You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
46 lines
1.4 KiB
46 lines
1.4 KiB
7 years ago
|
From ebf48b59943833b5f57e909e5d00f0d6e75e874e Mon Sep 17 00:00:00 2001
|
||
|
|
From: Hugh Davenport <hugh@allthethings.co.nz>
|
||
|
|
Date: Fri, 20 Nov 2015 17:16:06 +0800
|
||
|
|
Subject: [PATCH] CVE-2015-8242 Buffer overead with HTML parser in push mode
|
||
|
|
To: libvir-list@redhat.com
|
||
|
|
|
||
|
|
For https://bugzilla.gnome.org/show_bug.cgi?id=756372
|
||
|
|
Error in the code pointing to the codepoint in the stack for the
|
||
|
|
current char value instead of the pointer in the input that the SAX
|
||
|
|
callback expects
|
||
|
|
Reported and fixed by Hugh Davenport
|
||
|
|
|
||
|
|
Signed-off-by: Daniel Veillard <veillard@redhat.com>
|
||
|
|
---
|
||
|
|
HTMLparser.c | 6 +++---
|
||
|
|
1 file changed, 3 insertions(+), 3 deletions(-)
|
||
|
|
|
||
|
|
diff --git a/HTMLparser.c b/HTMLparser.c
|
||
|
|
index cab499a..4331d53 100644
|
||
|
|
--- a/HTMLparser.c
|
||
|
|
+++ b/HTMLparser.c
|
||
|
|
@@ -5708,17 +5708,17 @@ htmlParseTryOrFinish(htmlParserCtxtPtr ctxt, int terminate) {
|
||
|
|
if (ctxt->keepBlanks) {
|
||
|
|
if (ctxt->sax->characters != NULL)
|
||
|
|
ctxt->sax->characters(
|
||
|
|
- ctxt->userData, &cur, 1);
|
||
|
|
+ ctxt->userData, &in->cur[0], 1);
|
||
|
|
} else {
|
||
|
|
if (ctxt->sax->ignorableWhitespace != NULL)
|
||
|
|
ctxt->sax->ignorableWhitespace(
|
||
|
|
- ctxt->userData, &cur, 1);
|
||
|
|
+ ctxt->userData, &in->cur[0], 1);
|
||
|
|
}
|
||
|
|
} else {
|
||
|
|
htmlCheckParagraph(ctxt);
|
||
|
|
if (ctxt->sax->characters != NULL)
|
||
|
|
ctxt->sax->characters(
|
||
|
|
- ctxt->userData, &cur, 1);
|
||
|
|
+ ctxt->userData, &in->cur[0], 1);
|
||
|
|
}
|
||
|
|
}
|
||
|
|
ctxt->token = 0;
|
||
|
|
--
|
||
|
|
2.5.0
|
||
|
|
|