diff options
Diffstat (limited to 'abs/core/libxml2/CVE-2011-3905.patch')
| -rw-r--r-- | abs/core/libxml2/CVE-2011-3905.patch | 61 |
1 files changed, 61 insertions, 0 deletions
diff --git a/abs/core/libxml2/CVE-2011-3905.patch b/abs/core/libxml2/CVE-2011-3905.patch new file mode 100644 index 0000000..53373b7 --- /dev/null +++ b/abs/core/libxml2/CVE-2011-3905.patch @@ -0,0 +1,61 @@ +commit 77404b8b69bc122d12231807abf1a837d121b551 +Author: Chris Evans <scarybeasts@gmail.com> +Date: Wed Dec 14 16:18:25 2011 +0800 + + Make sure the parser returns when getting a Stop order + + patch backported from chromiun bug fixes, assuming author is Chris + +diff --git a/parser.c b/parser.c +index 21d7aa3..4e5dcb9 100644 +--- a/parser.c ++++ b/parser.c +@@ -4949,7 +4949,8 @@ xmlParsePI(xmlParserCtxtPtr ctxt) { + (ctxt->sax->processingInstruction != NULL)) + ctxt->sax->processingInstruction(ctxt->userData, + target, NULL); +- ctxt->instate = state; ++ if (ctxt->instate != XML_PARSER_EOF) ++ ctxt->instate = state; + return; + } + buf = (xmlChar *) xmlMallocAtomic(size * sizeof(xmlChar)); +@@ -5029,7 +5030,8 @@ xmlParsePI(xmlParserCtxtPtr ctxt) { + } else { + xmlFatalErr(ctxt, XML_ERR_PI_NOT_STARTED, NULL); + } +- ctxt->instate = state; ++ if (ctxt->instate != XML_PARSER_EOF) ++ ctxt->instate = state; + } + } + +@@ -9589,6 +9591,8 @@ xmlParseElement(xmlParserCtxtPtr ctxt) { + else + name = xmlParseStartTag(ctxt); + #endif /* LIBXML_SAX1_ENABLED */ ++ if (ctxt->instate == XML_PARSER_EOF) ++ return; + if (name == NULL) { + spacePop(ctxt); + return; +@@ -10975,6 +10979,8 @@ xmlParseTryOrFinish(xmlParserCtxtPtr ctxt, int terminate) { + else + name = xmlParseStartTag(ctxt); + #endif /* LIBXML_SAX1_ENABLED */ ++ if (ctxt->instate == XML_PARSER_EOF) ++ goto done; + if (name == NULL) { + spacePop(ctxt); + ctxt->instate = XML_PARSER_EOF; +@@ -11161,7 +11167,9 @@ xmlParseTryOrFinish(xmlParserCtxtPtr ctxt, int terminate) { + else + xmlParseEndTag1(ctxt, 0); + #endif /* LIBXML_SAX1_ENABLED */ +- if (ctxt->nameNr == 0) { ++ if (ctxt->instate == XML_PARSER_EOF) { ++ /* Nothing */ ++ } else if (ctxt->nameNr == 0) { + ctxt->instate = XML_PARSER_EPILOG; + } else { + ctxt->instate = XML_PARSER_CONTENT; |