aboutsummaryrefslogtreecommitdiff
path: root/gnu/packages/patches/expat-CVE-2016-0718-fix-regression.patch
blob: b489401fea7ac8c2e88063f7733622f7e1367ff9 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
Fix regression caused by fix for CVE-2016-0718 when building with -DXML_UNICODE.

Discussion:

https://sourceforge.net/p/expat/bugs/539/

Patch copied from upstream source repository:

https://sourceforge.net/p/expat/code_git/ci/af507cef2c93cb8d40062a0abe43a4f4e9158fb2/

From af507cef2c93cb8d40062a0abe43a4f4e9158fb2 Mon Sep 17 00:00:00 2001
From: Sebastian Pipping <sebastian@pipping.org>
Date: Sun, 17 Jul 2016 20:22:29 +0200
Subject: [PATCH 1/2] Fix regression bug #539 (needs -DXML_UNICODE)

Thanks to Andy Wang and Karl Waclawek!
---
 expat/lib/xmlparse.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/expat/lib/xmlparse.c b/expat/lib/xmlparse.c
index b308e67..0d5dd7b 100644
--- a/lib/xmlparse.c
+++ b/lib/xmlparse.c
@@ -2468,7 +2468,7 @@ doContent(XML_Parser parser,
                        &fromPtr, rawNameEnd,
                        (ICHAR **)&toPtr, (ICHAR *)tag->bufEnd - 1);
             convLen = (int)(toPtr - (XML_Char *)tag->buf);
-            if ((convert_res == XML_CONVERT_COMPLETED) || (convert_res == XML_CONVERT_INPUT_INCOMPLETE)) {
+            if ((fromPtr >= rawNameEnd) || (convert_res == XML_CONVERT_INPUT_INCOMPLETE)) {
               tag->name.strLen = convLen;
               break;
             }
-- 
2.10.0