File xerces-j2-CVE-2022-23437.patch of Package xerces-j2.22830

Index: xerces-2_11_0/src/org/apache/xerces/impl/XML11EntityScanner.java
===================================================================
--- xerces-2_11_0.orig/src/org/apache/xerces/impl/XML11EntityScanner.java
+++ xerces-2_11_0/src/org/apache/xerces/impl/XML11EntityScanner.java
@@ -108,9 +108,11 @@ public class XML11EntityScanner
                 load(1, false);
             }
             if (c == '\r' && external) {
-                int cc = fCurrentEntity.ch[fCurrentEntity.position++];
-                if (cc != '\n' && cc != 0x85) {
-                    fCurrentEntity.position--;
+                if (fCurrentEntity.position < fCurrentEntity.count) {
+                    int cc = fCurrentEntity.ch[fCurrentEntity.position++];
+                    if (cc != '\n' && cc != 0x85) {
+                        fCurrentEntity.position--;
+                    }
                 }
             }
             c = '\n';
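Review bot: The new `fCurrentEntity.position < fCurrentEntity.count` guard carries no comment saying when it can be false, so a later cleanup could mistake it for dead code after the `load(1, false)` call above. I would add `// position can equal count after load(); never peek past the buffered data` above the guard, here and on the matching guard in the XMLEntityScanner.java hunk at -257. When the guard is false, the '\r' is still turned into '\n' by the assignment that follows, which looks intended. The enclosing method starts and ends outside the hunk, so whether other `ch[position++]` lookaheads in these two files need the same check cannot be judged from here.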
@@ -1004,7 +1006,7 @@ public class XML11EntityScanner
                 c = fCurrentEntity.ch[fCurrentEntity.position++];
                 // In internal entities control characters are allowed to appear unescaped.
                 if ((c == quote && !fCurrentEntity.literal)
-                    || c == '%' || !XML11Char.isXML11InternalEntityContent(c)) {
+                    || c == '%' || !(XML11Char.isXML11InternalEntityContent(c) || c == '\r' )) {
                     fCurrentEntity.position--;
                     break;
                 }
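Review bot: The added `|| c == '\r'` is unconditional here, while the parallel change in XMLEntityScanner.java (hunk at -916) accepts '\r' only when `!external`. The existing comment above the condition suggests this loop handles internal entities only, but the branch that selects it is outside the hunk. If that is the case, say so next to the change, e.g. `// a raw '\r' in an internal entity is consumed as content here`, and drop the stray space in `'\r' )`. If the loop can also run for external entities, the condition should carry the same `!external` restriction as the XML 1.0 scanner.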
Index: xerces-2_11_0/src/org/apache/xerces/impl/XMLEntityScanner.java
===================================================================
--- xerces-2_11_0.orig/src/org/apache/xerces/impl/XMLEntityScanner.java
+++ xerces-2_11_0/src/org/apache/xerces/impl/XMLEntityScanner.java
@@ -257,8 +257,10 @@ public class XMLEntityScanner implements
                 load(1, false);
             }
             if (c == '\r' && external) {
-                if (fCurrentEntity.ch[fCurrentEntity.position++] != '\n') {
-                    fCurrentEntity.position--;
+                if (fCurrentEntity.position < fCurrentEntity.count) {
+                    if (fCurrentEntity.ch[fCurrentEntity.position++] != '\n') {
+                        fCurrentEntity.position--;
+                    }
                 }
                 c = '\n';
             }
@@ -916,7 +918,7 @@ public class XMLEntityScanner implements
             c = fCurrentEntity.ch[fCurrentEntity.position++];
             if ((c == quote &&
                  (!fCurrentEntity.literal || external))
-                || c == '%' || !XMLChar.isContent(c)) {
+                || c == '%' || !(XMLChar.isContent(c) || c == '\r' && !external)) {
                 fCurrentEntity.position--;
                 break;
             }
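Review bot: `c == '\r' && !external` sits inside an `||` chain without its own parentheses, so the reader has to rely on `&&` binding tighter than `||` to see that '\r' is accepted only for internal entities. Writing it as `|| c == '%' || !(XMLChar.isContent(c) || (c == '\r' && !external))) {` makes the intent explicit and guards against a wrong edit later. A short comment such as `// a raw '\r' is consumed as content only in internal entities` would record why the exception exists. The loop header is outside the hunk.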