diff options
author | Daniel Veillard <veillard@redhat.com> | 2016-02-09 12:55:29 +0100 |
---|---|---|
committer | Daniel Veillard <veillard@redhat.com> | 2016-02-09 12:55:29 +0100 |
commit | a7a94612aa3b16779e2c74e1fa353b5d9786c602 (patch) | |
tree | 6d71fd02522847fb75621353c7646e8025c434ba | |
parent | 6657afe83a38278f124ace71dc85f60420beb2d5 (diff) | |
download | libxml2-CVE-2016-1762.tar.gz |
Heap-based buffer overread in xmlNextCharCVE-2016-1762
For https://bugzilla.gnome.org/show_bug.cgi?id=759671
when the end of the internal subset isn't properly detected
xmlParseInternalSubset should just return instead of trying
to process input further.
-rw-r--r-- | parser.c | 1 | ||||
-rw-r--r-- | result/errors/754946.xml.err | 10 | ||||
-rw-r--r-- | result/errors/content1.xml.err | 2 | ||||
-rw-r--r-- | result/valid/t8.xml.err | 2 | ||||
-rw-r--r-- | result/valid/t8a.xml.err | 2 |
5 files changed, 9 insertions, 8 deletions
@@ -8468,6 +8468,7 @@ xmlParseInternalSubset(xmlParserCtxtPtr ctxt) { */ if (RAW != '>') { xmlFatalErr(ctxt, XML_ERR_DOCTYPE_NOT_FINISHED, NULL); + return; } NEXT; } diff --git a/result/errors/754946.xml.err b/result/errors/754946.xml.err index a75088b9..c03e35bf 100644 --- a/result/errors/754946.xml.err +++ b/result/errors/754946.xml.err @@ -11,9 +11,9 @@ Entity: line 1: parser error : DOCTYPE improperly terminated Entity: line 1: A<lbbbbbbbbbbbbbbbbbbb_ ^ -./test/errors/754946.xml:1: parser error : Start tag doesn't start and stop in the same entity ->%SYSTEM;<![ - ^ -./test/errors/754946.xml:1: parser error : Extra content at the end of the document ->%SYSTEM;<![ +Entity: line 1: parser error : Start tag expected, '<' not found + %SYSTEM; ^ +Entity: line 1: +A<lbbbbbbbbbbbbbbbbbbb_ +^ diff --git a/result/errors/content1.xml.err b/result/errors/content1.xml.err index 425be393..9fcd6033 100644 --- a/result/errors/content1.xml.err +++ b/result/errors/content1.xml.err @@ -13,4 +13,4 @@ ^ ./test/errors/content1.xml:7: parser error : Start tag expected, '<' not found <!ELEMENT aElement (a |b * > - ^ + ^ diff --git a/result/valid/t8.xml.err b/result/valid/t8.xml.err index d795788c..1a3c006d 100644 --- a/result/valid/t8.xml.err +++ b/result/valid/t8.xml.err @@ -16,4 +16,4 @@ Entity: line 1: parser error : Start tag expected, '<' not found ^ Entity: line 1: <!ELEMENT root (middle) > - ^ +^ diff --git a/result/valid/t8a.xml.err b/result/valid/t8a.xml.err index d795788c..1a3c006d 100644 --- a/result/valid/t8a.xml.err +++ b/result/valid/t8a.xml.err @@ -16,4 +16,4 @@ Entity: line 1: parser error : Start tag expected, '<' not found ^ Entity: line 1: <!ELEMENT root (middle) > - ^ +^ |