mirror of
https://git.yoctoproject.org/poky
synced 2026-02-22 01:19:41 +01:00
4cdca0571a
affects libxml2 < 2.9.4 (From OE-Core rev: 9d894179128771c4a2628c103f5c39e2e6ef13c5) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
38 lines
1.2 KiB
Diff
38 lines
1.2 KiB
Diff
From cbb271655cadeb8dbb258a64701d9a3a0c4835b4 Mon Sep 17 00:00:00 2001
|
|
From: Pranjal Jumde <pjumde@apple.com>
|
|
Date: Mon, 7 Mar 2016 06:34:26 -0800
|
|
Subject: [PATCH] Bug 757711: heap-buffer-overflow in xmlFAParsePosCharGroup
|
|
<https://bugzilla.gnome.org/show_bug.cgi?id=757711>
|
|
|
|
* xmlregexp.c:
|
|
(xmlFAParseCharRange): Only advance to the next character if
|
|
there is no error. Advancing to the next character in case of
|
|
an error while parsing regexp leads to an out of bounds access.
|
|
|
|
Upstream-Status: Backport
|
|
CVE: CVE-2016-1840
|
|
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
|
|
---
|
|
xmlregexp.c | 3 ++-
|
|
1 file changed, 2 insertions(+), 1 deletion(-)
|
|
|
|
Index: libxml2-2.9.2/xmlregexp.c
|
|
===================================================================
|
|
--- libxml2-2.9.2.orig/xmlregexp.c
|
|
+++ libxml2-2.9.2/xmlregexp.c
|
|
@@ -5052,11 +5052,12 @@ xmlFAParseCharRange(xmlRegParserCtxtPtr
|
|
ERROR("Expecting the end of a char range");
|
|
return;
|
|
}
|
|
- NEXTL(len);
|
|
+
|
|
/* TODO check that the values are acceptable character ranges for XML */
|
|
if (end < start) {
|
|
ERROR("End of range is before start of range");
|
|
} else {
|
|
+ NEXTL(len);
|
|
xmlRegAtomAddRange(ctxt, ctxt->atom, ctxt->neg,
|
|
XML_REGEXP_CHARVAL, start, end, NULL);
|
|
}
|