You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
45 lines
1.4 KiB
45 lines
1.4 KiB
From ebf48b59943833b5f57e909e5d00f0d6e75e874e Mon Sep 17 00:00:00 2001 |
|
From: Hugh Davenport <hugh@allthethings.co.nz> |
|
Date: Fri, 20 Nov 2015 17:16:06 +0800 |
|
Subject: [PATCH] CVE-2015-8242 Buffer overead with HTML parser in push mode |
|
To: libvir-list@redhat.com |
|
|
|
For https://bugzilla.gnome.org/show_bug.cgi?id=756372 |
|
Error in the code pointing to the codepoint in the stack for the |
|
current char value instead of the pointer in the input that the SAX |
|
callback expects |
|
Reported and fixed by Hugh Davenport |
|
|
|
Signed-off-by: Daniel Veillard <veillard@redhat.com> |
|
--- |
|
HTMLparser.c | 6 +++--- |
|
1 file changed, 3 insertions(+), 3 deletions(-) |
|
|
|
diff --git a/HTMLparser.c b/HTMLparser.c |
|
index cab499a..4331d53 100644 |
|
--- a/HTMLparser.c |
|
+++ b/HTMLparser.c |
|
@@ -5708,17 +5708,17 @@ htmlParseTryOrFinish(htmlParserCtxtPtr ctxt, int terminate) { |
|
if (ctxt->keepBlanks) { |
|
if (ctxt->sax->characters != NULL) |
|
ctxt->sax->characters( |
|
- ctxt->userData, &cur, 1); |
|
+ ctxt->userData, &in->cur[0], 1); |
|
} else { |
|
if (ctxt->sax->ignorableWhitespace != NULL) |
|
ctxt->sax->ignorableWhitespace( |
|
- ctxt->userData, &cur, 1); |
|
+ ctxt->userData, &in->cur[0], 1); |
|
} |
|
} else { |
|
htmlCheckParagraph(ctxt); |
|
if (ctxt->sax->characters != NULL) |
|
ctxt->sax->characters( |
|
- ctxt->userData, &cur, 1); |
|
+ ctxt->userData, &in->cur[0], 1); |
|
} |
|
} |
|
ctxt->token = 0; |
|
-- |
|
2.5.0 |
|
|
|
|