File libxml2-inf-rec-xmlParseConditionalSections.patch of Package libxml2.17679

From c8d8c8e3b5593e8d607eb23f350aed9cf0621168 Mon Sep 17 00:00:00 2001
Message-Id: <c8d8c8e3b5593e8d607eb23f350aed9cf0621168.1481893862.git.npajkovsky@suse.cz>
From: Nikola Pajkovsky <npajkovsky@suse.cz>
Date: Fri, 16 Dec 2016 14:10:41 +0100
Subject: [PATCH] fix infinite loop

Signed-off-by: Nikola Pajkovsky <npajkovsky@suse.cz>
---
 parser.c | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/parser.c b/parser.c
index 53a6b7f0c961..ee2d3c3d4053 100644
--- a/parser.c
+++ b/parser.c
@@ -6813,9 +6813,17 @@ xmlParseElementDecl(xmlParserCtxtPtr ctxt) {
  */
 
 static void
-xmlParseConditionalSections(xmlParserCtxtPtr ctxt) {
+xmlParseConditionalSections(xmlParserCtxtPtr ctxt, int recurse_depth) {
     int id = ctxt->input->id;
 
+    if (((recurse_depth > 128) && ((ctxt->options & XML_PARSE_HUGE) == 0)) ||
+        (recurse_depth >  2048)) {
+        xmlFatalErrMsgInt(ctxt, XML_ERR_INTERNAL_ERROR,
+"xmlParseConditionalSections : depth %d too deep, use XML_PARSE_HUGE\n",
+                          recurse_depth);
+	return;
+    }
+
     SKIP(3);
     SKIP_BLANKS;
     if (CMP7(CUR_PTR, 'I', 'N', 'C', 'L', 'U', 'D', 'E')) {
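Review bot: The depth guard at the top of xmlParseConditionalSections reports the error and returns, but nothing on the visible lines stops the parser or consumes the `<![` that triggered the call, so what happens next depends on progress checks in the callers, which lie outside this hunk. If this tree has a halting helper (newer libxml2 has `xmlHaltParser(ctxt);`), calling it before `return;` would end parsing at the limit instead of unwinding one frame at a time. The message also says `use XML_PARSE_HUGE` when the 2048 bound is hit with that option already set, and XML_ERR_INTERNAL_ERROR labels a limit that document content can reach as a library fault; a separate message for the hard cap would make logs easier to triage. The literals 128 and 2048 would read better as named constants, and the function's header comment (which starts above the hunk) should document `recurse_depth`.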
@@ -6848,7 +6856,7 @@ xmlParseConditionalSections(xmlParserCtxtPtr ctxt) {
 	    unsigned int cons = ctxt->input->consumed;
 
 	    if ((RAW == '<') && (NXT(1) == '!') && (NXT(2) == '[')) {
-		xmlParseConditionalSections(ctxt);
+		xmlParseConditionalSections(ctxt, recurse_depth + 1);
 	    } else if (IS_BLANK_CH(CUR)) {
 		NEXT;
 	    } else if (RAW == '%') {
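Review bot: The counter passed as `recurse_depth + 1` only tracks direct self-recursion, while the call this patch adds in xmlParseMarkupDecl (third hunk) restarts it at 0. The rest of this loop is outside the hunk, but if it can reach xmlParseMarkupDecl, nesting that alternates between the two functions would never accumulate depth and the stack bound would not hold. Keeping the depth on the parser context, incremented on entry to xmlParseConditionalSections and decremented on every exit, would cover all call paths; the callers in xmlParseMarkupDecl and xmlParseExternalSubset (fourth hunk) would then need no extra argument.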
@@ -7036,7 +7044,7 @@ xmlParseMarkupDecl(xmlParserCtxtPtr ctxt) {
      */
     if ((ctxt->external == 0) && (ctxt->inputNr > 1)) {
         if ((RAW == '<') && (NXT(1) == '!') && (NXT(2) == '[')) {
-	    xmlParseConditionalSections(ctxt);
+	    xmlParseConditionalSections(ctxt, 0);
 	}
     }
 
@@ -7179,7 +7187,7 @@ xmlParseExternalSubset(xmlParserCtxtPtr ctxt, const xmlChar *ExternalID,
 
 	GROW;
         if ((RAW == '<') && (NXT(1) == '!') && (NXT(2) == '[')) {
-	    xmlParseConditionalSections(ctxt);
+	    xmlParseConditionalSections(ctxt, 0);
 	} else if (IS_BLANK_CH(CUR)) {
 	    NEXT;
 	} else if (RAW == '%') {
-- 
2.10.2
