guix/gnu/packages/patches/libxml2-CVE-2015-7942-pt1.patch
Mark H Weaver ee6bb0cc76 gnu: libxml2: Add fixes for CVE-2015-{1819,7941,7942,8035} and other bugs.
* gnu/packages/patches/libxml2-CVE-2015-1819.patch,
  gnu/packages/patches/libxml2-CVE-2015-7941-pt1.patch,
  gnu/packages/patches/libxml2-CVE-2015-7941-pt2.patch,
  gnu/packages/patches/libxml2-CVE-2015-7942-pt1.patch,
  gnu/packages/patches/libxml2-CVE-2015-7942-pt2.patch,
  gnu/packages/patches/libxml2-CVE-2015-8035.patch,
  gnu/packages/patches/libxml2-bug-737840.patch,
  gnu/packages/patches/libxml2-bug-738805.patch,
  gnu/packages/patches/libxml2-bug-746048.patch,
  gnu/packages/patches/libxml2-bug-747437.patch,
  gnu/packages/patches/libxml2-bug-751603.patch,
  gnu/packages/patches/libxml2-bug-751631.patch,
  gnu/packages/patches/libxml2-bug-754946.patch,
  gnu/packages/patches/libxml2-bug-754947.patch,
  gnu/packages/patches/libxml2-bug-755857.patch,
  gnu/packages/patches/libxml2-fix-catalog-corruption.patch,
  gnu/packages/patches/libxml2-id-attrs-in-xmlSetTreeDoc.patch,
  gnu/packages/patches/libxml2-node-sort-order-pt1.patch,
  gnu/packages/patches/libxml2-node-sort-order-pt2.patch: New files.
* gnu-system.am (dist_patch_DATA): Add them.
* gnu/packages/xml.scm (libxml2)[source]: Add patches.
2015-11-18 17:47:40 -05:00

32 lines
944 B
Diff

From bd0526e66a56e75a18da8c15c4750db8f801c52d Mon Sep 17 00:00:00 2001
From: Daniel Veillard <veillard@redhat.com>
Date: Fri, 23 Oct 2015 19:02:28 +0800
Subject: [PATCH] Another variation of overflow in Conditional sections
Which happen after the previous fix to
https://bugzilla.gnome.org/show_bug.cgi?id=756456
But stopping the parser and exiting we didn't pop the intermediary entities
and doing the SKIP there applies on an input which may be too small
---
parser.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/parser.c b/parser.c
index a65e4cc..b9217ff 100644
--- a/parser.c
+++ b/parser.c
@@ -6915,7 +6915,9 @@ xmlParseConditionalSections(xmlParserCtxtPtr ctxt) {
"All markup of the conditional section is not in the same entity\n",
NULL, NULL);
}
- SKIP(3);
+ if ((ctxt-> instate != XML_PARSER_EOF) &&
+ ((ctxt->input->cur + 3) < ctxt->input->end))
+ SKIP(3);
}
}
--
2.6.3