Upstream-Status: Backport from [2876ac5392]
CVE's Fixed:
CVE-2024-34459 libxml2: buffer over-read in xmlHTMLPrintFileContext in xmllint.c
(From OE-Core rev: b9f46d058854c0a6104a928b7b0b30d65fb87c2e)
Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
From 78fce372041d53cfeaaf2c11c71d07eef55ecfd1 Mon Sep 17 00:00:00 2001
From: Nick Wellnhofer <wellnhofer@aevum.de>
Date: Wed, 8 May 2024 11:49:31 +0200
Subject: [PATCH] Fix buffer overread with `xmllint --htmlout`
Add a missing bounds check.
Upstream-Status: Backport from [https://gitlab.gnome.org/GNOME/libxml2/-/commit/2876ac5392a4e891b81e40e592c3ac6cb46016ce]
CVE: CVE-2024-34459
Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
---
xmllint.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
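--- a/xmllint.c
+++ b/xmllint.c
@@ -602,7 +602,7 @@ xmlHTMLPrintFileContext(xmlParserInputPtr input) {
 len = strlen(buffer);
 snprintf(&buffer[len], sizeof(buffer) - len, "\n");
 cur = input->cur;
- while ((*cur == '\n') || (*cur == '\r'))
+ while ((cur > base) && ((*cur == '\n') || (*cur == '\r')))
 cur--;
 n = 0;
 while ((cur != base) && (n++ < 80)) {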
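Review bot: The new guard in the first `while` is only as strong as the value `base` holds at that point, and `base` is assigned outside this hunk, so the lower bound cannot be confirmed from the visible lines. A short comment above the loop would record the invariant for the next reader, for example `/* base marks the start of the context line; cur must not step back past it */` (wording to be checked against the full function). The loop that follows still tests `cur != base`, so if `cur` were ever below `base` it would stop only on the `n++ < 80` cap. Writing it as `while ((cur > base) && (n++ < 80)) {` would keep the two conditions consistent, assuming the body, which lies outside the hunk, advances `base` towards `cur`. The patch touches only `xmllint.c`, so a regression input for `xmllint --htmlout` would be worth carrying with the backport.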
--
2.25.1