[Midnightbsd-cvs] [MidnightBSD/src] d60867: From 4a32da87e931ba54393d465bb77c40b5c33d343b Mon ...
Lucas Holt
noreply at github.com
Sun Oct 9 22:50:29 EDT 2022
Branch: refs/heads/master
Home: https://github.com/MidnightBSD/src
Commit: d608677a6c9d3eccf027e9877e14cd64bde08486
https://github.com/MidnightBSD/src/commit/d608677a6c9d3eccf027e9877e14cd64bde08486
Author: Lucas Holt <luke at foolishgames.com>
Date: 2022-10-09 (Sun, 09 Oct 2022)
Changed paths:
M contrib/expat/lib/xmlparse.c
Log Message:
-----------
From 4a32da87e931ba54393d465bb77c40b5c33d343b Mon Sep 17 00:00:00 2001
From: Rhodri James <rhodri at wildebeest.org.uk>
Date: Wed, 17 Aug 2022 18:26:18 +0100
Subject: [PATCH] Ensure raw tagnames are safe exiting internalEntityParser
It is possible to concoct a situation in which parsing is
suspended while substituting in an internal entity, so that
XML_ResumeParser directly uses internalEntityProcessor as
its processor. If the subsequent parse includes some unclosed
tags, this will return without calling storeRawNames to ensure
that the raw versions of the tag names are stored in memory other
than the parse buffer itself. If the parse buffer is then changed
or reallocated (for example if processing a file line by line),
badness will ensue.
This patch ensures storeRawNames is always called when needed
after calling doContent. The earlier call do doContent does
not need the same protection; it only deals with entity
substitution, which cannot leave unbalanced tags, and in any
case the raw names will be pointing into the stored entity
value not the parse buffer.
Obtained from: expat @ github
More information about the Midnightbsd-cvs
mailing list