diff options
| author | Sebastian Pipping <sebastian@pipping.org> | 2022-09-20 02:44:34 +0200 |
|---|---|---|
| committer | Sebastian Pipping <sebastian@pipping.org> | 2022-10-24 14:58:45 +0200 |
| commit | 5290462a7ea1278a8d5c0d5b2860d4e244f997e4 (patch) | |
| tree | 240f8a53ec4bea37982feeb476fd1aa12190ea1c | |
| parent | 391551620eefa5fccfaaee07dab066cc552527b2 (diff) | |
| download | libexpat-git-5290462a7ea1278a8d5c0d5b2860d4e244f997e4.tar.gz | |
lib: Fix overeager DTD destruction in XML_ExternalEntityParserCreate
| -rw-r--r-- | expat/lib/xmlparse.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/expat/lib/xmlparse.c b/expat/lib/xmlparse.c index aacd6e7f..57bf103c 100644 --- a/expat/lib/xmlparse.c +++ b/expat/lib/xmlparse.c @@ -1068,6 +1068,14 @@ parserCreate(const XML_Char *encodingName, parserInit(parser, encodingName); if (encodingName && ! parser->m_protocolEncodingName) { + if (dtd) { + // We need to stop the upcoming call to XML_ParserFree from happily + // destroying parser->m_dtd because the DTD is shared with the parent + // parser and the only guard that keeps XML_ParserFree from destroying + // parser->m_dtd is parser->m_isParamEntity but it will be set to + // XML_TRUE only later in XML_ExternalEntityParserCreate (or not at all). + parser->m_dtd = NULL; + } XML_ParserFree(parser); return NULL; } |