File CVE-2024-50602.patch of Package xsd

From 0552959d99413279c456e3289ad24db783f579ba Mon Sep 17 00:00:00 2001
From: Christophe Marin <christophe@krop.fr>
Date: Wed, 30 Oct 2024 14:50:13 +0100
Subject: [PATCH] Backport fix for CVE-2024-50602

---
 libcutl/cutl/details/expat/expat.h    | 4 +++-
 libcutl/cutl/details/expat/xmlparse.c | 9 ++++++++-
 2 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/libcutl/cutl/details/expat/expat.h b/libcutl/cutl/details/expat/expat.h
index f5dd736..85a0f8a 100644
--- a/libcutl/cutl/details/expat/expat.h
+++ b/libcutl/cutl/details/expat/expat.h
@@ -95,7 +95,9 @@ enum XML_Error {
   /* Added in 2.0. */
   XML_ERROR_RESERVED_PREFIX_XML,
   XML_ERROR_RESERVED_PREFIX_XMLNS,
-  XML_ERROR_RESERVED_NAMESPACE_URI
+  XML_ERROR_RESERVED_NAMESPACE_URI,
+  /* Added in 2.6.4. */
+  XML_ERROR_NOT_STARTED,
 };
 
 enum XML_Content_Type {
diff --git a/libcutl/cutl/details/expat/xmlparse.c b/libcutl/cutl/details/expat/xmlparse.c
index d469102..fd9fc79 100644
--- a/libcutl/cutl/details/expat/xmlparse.c
+++ b/libcutl/cutl/details/expat/xmlparse.c
@@ -1750,6 +1750,9 @@ enum XML_Status XMLCALL
 XML_StopParser(XML_Parser parser, XML_Bool resumable)
 {
   switch (ps_parsing) {
+  case XML_INITIALIZED:
+    errorCode = XML_ERROR_NOT_STARTED;
+    return XML_STATUS_ERROR;
   case XML_SUSPENDED:
     if (resumable) {
       errorCode = XML_ERROR_SUSPENDED;
@@ -1760,7 +1763,7 @@ XML_StopParser(XML_Parser parser, XML_Bool resumable)
   case XML_FINISHED:
     errorCode = XML_ERROR_FINISHED;
     return XML_STATUS_ERROR;
-  default:
+  case XML_PARSING:
     if (resumable) {
 #ifdef XML_DTD
       if (isParamEntity) {
@@ -1772,6 +1775,9 @@ XML_StopParser(XML_Parser parser, XML_Bool resumable)
     }
     else
       ps_parsing = XML_FINISHED;
+    break;
+  default:
+    assert(0);
   }
   return XML_STATUS_OK;
 }
@@ -1959,6 +1965,7 @@ XML_ErrorString(enum XML_Error code)
     XML_L("reserved prefix (xml) must not be undeclared or bound to another namespace name"),
     XML_L("reserved prefix (xmlns) must not be declared or undeclared"),
     XML_L("prefix must not be bound to one of the reserved namespace names")
+    XML_L("parser not started")
   };
   if (code > 0 && code < sizeof(message)/sizeof(message[0]))
     return message[code];
-- 
2.47.0