Diffstat (limited to 'abs/core/libxml2/CVE-2011-0216.patch')
-rw-r--r--abs/core/libxml2/CVE-2011-0216.patch31
1 files changed, 31 insertions, 0 deletions
diff --git a/abs/core/libxml2/CVE-2011-0216.patch b/abs/core/libxml2/CVE-2011-0216.patch
new file mode 100644
index 0000000..dfc99d4
--- /dev/null
+++ b/abs/core/libxml2/CVE-2011-0216.patch
@@ -0,0 +1,31 @@
+commit 69f04562f75212bfcabecd190ea8b06ace28ece2
+Author: Daniel Veillard <veillard@redhat.com>
+Date: Fri Aug 19 11:05:04 2011 +0800
+
+ Fix an off by one error in encoding
+
+ this off by one error doesn't seems to reproduce on linux
+ but the error is real.
+
+diff --git a/encoding.c b/encoding.c
+index d1140bf..fb0c38a 100644
+--- a/encoding.c
++++ b/encoding.c
+@@ -1928,7 +1928,7 @@ xmlCharEncFirstLineInt(xmlCharEncodingHandler *handler, xmlBufferPtr out,
+ if (in == NULL) return(-1);
+
+ /* calculate space available */
+- written = out->size - out->use;
++ written = out->size - out->use - 1; /* count '\0' */
+ toconv = in->use;
+ /*
+ * echo '<?xml version="1.0" encoding="UCS4"?>' | wc -c => 38
+@@ -2059,7 +2059,7 @@ xmlCharEncInFunc(xmlCharEncodingHandler * handler, xmlBufferPtr out,
+ toconv = in->use;
+ if (toconv == 0)
+ return (0);
+- written = out->size - out->use;
++ written = out->size - out->use -1; /* count '\0' */
+ if (toconv * 2 >= written) {
+ xmlBufferGrow(out, out->size + toconv * 2);
+ written = out->size - out->use - 1;
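Review bot: At both sites this patch touches (`xmlCharEncFirstLineInt` and `xmlCharEncInFunc`), `written = out->size - out->use - 1` has no guard for an already-full buffer: when `out->use == out->size` the result is -1, or a very large value if the arithmetic is unsigned (the field and variable types are not visible here). In `xmlCharEncInFunc` the following `toconv * 2 >= written` test grows the buffer and recomputes, but the first site shows no such check before `written` is used, and that function continues outside the hunk, so this should be confirmed against the full file. A clamp such as `written = (out->size > out->use) ? out->size - out->use - 1 : 0;` would keep the reserved-terminator arithmetic safe either way. The comment would be clearer as `/* reserve one byte for the terminating '\0' */`, and the second site should be spaced `- 1` to match the line after `xmlBufferGrow`.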