poky/meta/recipes-core/libxml/libxml2/CVE-2026-1757.patch

From bbe186902eddca01cc2049780a1d1a37937d3862 Mon Sep 17 00:00:00 2001
From: Mingli Yu <mingli.yu@windriver.com>
Date: Wed, 25 Feb 2026 16:16:14 +0800
Subject: [PATCH] shell: free cmdline before continue

This patch frees the cmdline when it's not empty but it doesn't contain
any actual character.

If the cmdline is just whitespaces or \r and \n, the loop continues
without freeing the cmdline string, so it's a leak.

Fix #1009

Reference https://gitlab.gnome.org/GNOME/libxml2/-/commit/160c8a43

CVE: CVE-2026-1757

Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/160c8a43]

The shell is refactored [1], so backport the related code from shell.c
to debugXML.c.

[1] https://gitlab.gnome.org/GNOME/libxml2/-/commit/1341deac

Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
---
 debugXML.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/debugXML.c b/debugXML.c
index 9d9618f..2d5c99d 100644
--- a/debugXML.c
+++ b/debugXML.c
@@ -2866,8 +2866,11 @@ xmlShell(xmlDocPtr doc, char *filename, xmlShellReadlineFunc input,
             command[i++] = *cur++;
         }
         command[i] = 0;
-        if (i == 0)
+        if (i == 0) {
+            free(cmdline);
+            cmdline = NULL;
             continue;
+        }
 
         /*
          * Parse the argument
-- 
2.34.1