mirror of
https://git.yoctoproject.org/poky
synced 2026-04-26 18:32:13 +02:00
f4b0c49145
(From OE-Core rev: d392edafa1d73cace437f45bfbc147de9fc4cf8b) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
50 lines
1.4 KiB
Diff
50 lines
1.4 KiB
Diff
From 8fb4a770075628d6441fb17a1e435100e2f3b1a2 Mon Sep 17 00:00:00 2001
|
|
From: Hugh Davenport <hugh@allthethings.co.nz>
|
|
Date: Fri, 20 Nov 2015 17:16:06 +0800
|
|
Subject: [PATCH] CVE-2015-8242 Buffer overead with HTML parser in push mode
|
|
|
|
For https://bugzilla.gnome.org/show_bug.cgi?id=756372
|
|
Error in the code pointing to the codepoint in the stack for the
|
|
current char value instead of the pointer in the input that the SAX
|
|
callback expects
|
|
Reported and fixed by Hugh Davenport
|
|
|
|
Upstream-Status: Backport
|
|
|
|
CVE-2015-8242
|
|
|
|
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
|
|
---
|
|
HTMLparser.c | 6 +++---
|
|
1 file changed, 3 insertions(+), 3 deletions(-)
|
|
|
|
diff --git a/HTMLparser.c b/HTMLparser.c
|
|
index bdf7807..b729197 100644
|
|
--- a/HTMLparser.c
|
|
+++ b/HTMLparser.c
|
|
@@ -5735,17 +5735,17 @@ htmlParseTryOrFinish(htmlParserCtxtPtr ctxt, int terminate) {
|
|
if (ctxt->keepBlanks) {
|
|
if (ctxt->sax->characters != NULL)
|
|
ctxt->sax->characters(
|
|
- ctxt->userData, &cur, 1);
|
|
+ ctxt->userData, &in->cur[0], 1);
|
|
} else {
|
|
if (ctxt->sax->ignorableWhitespace != NULL)
|
|
ctxt->sax->ignorableWhitespace(
|
|
- ctxt->userData, &cur, 1);
|
|
+ ctxt->userData, &in->cur[0], 1);
|
|
}
|
|
} else {
|
|
htmlCheckParagraph(ctxt);
|
|
if (ctxt->sax->characters != NULL)
|
|
ctxt->sax->characters(
|
|
- ctxt->userData, &cur, 1);
|
|
+ ctxt->userData, &in->cur[0], 1);
|
|
}
|
|
}
|
|
ctxt->token = 0;
|
|
--
|
|
2.3.5
|
|
|