File libxml2-2.9.1-CVE-2016-1762.patch of Package libxml2.2672
From a7a94612aa3b16779e2c74e1fa353b5d9786c602 Mon Sep 17 00:00:00 2001
From: Daniel Veillard <veillard@redhat.com>
Date: Tue, 9 Feb 2016 12:55:29 +0100
Subject: Heap-based buffer overread in xmlNextChar
For https://bugzilla.gnome.org/show_bug.cgi?id=759671
when the end of the internal subset isn't properly detected
xmlParseInternalSubset should just return instead of trying
to process input further.
---
parser.c | 1 +
result/errors/content1.xml.err | 2 +-
result/valid/t8.xml.err | 2 +-
result/valid/t8a.xml.err | 2 +-
5 files changed, 9 insertions(+), 8 deletions(-)
Index: libxml2-2.9.1/parser.c
===================================================================
--- libxml2-2.9.1.orig/parser.c
+++ libxml2-2.9.1/parser.c
@@ -8437,6 +8437,7 @@ xmlParseInternalSubset(xmlParserCtxtPtr
*/
if (RAW != '>') {
xmlFatalErr(ctxt, XML_ERR_DOCTYPE_NOT_FINISHED, NULL);
+ return;
}
NEXT;
}
Index: libxml2-2.9.1/result/errors/content1.xml.err
===================================================================
--- libxml2-2.9.1.orig/result/errors/content1.xml.err
+++ libxml2-2.9.1/result/errors/content1.xml.err
@@ -13,4 +13,4 @@
^
./test/errors/content1.xml:7: parser error : Start tag expected, '<' not found
<!ELEMENT aElement (a |b * >
- ^
+ ^
Index: libxml2-2.9.1/result/valid/t8.xml.err
===================================================================
--- libxml2-2.9.1.orig/result/valid/t8.xml.err
+++ libxml2-2.9.1/result/valid/t8.xml.err
@@ -16,4 +16,4 @@ Entity: line 1: parser error : Start tag
^
Entity: line 1:
<!ELEMENT root (middle) >
- ^
+^
Index: libxml2-2.9.1/result/valid/t8a.xml.err
===================================================================
--- libxml2-2.9.1.orig/result/valid/t8a.xml.err
+++ libxml2-2.9.1/result/valid/t8a.xml.err
@@ -16,4 +16,4 @@ Entity: line 1: parser error : Start tag
^
Entity: line 1:
<!ELEMENT root (middle) >
- ^
+^