Diffstat (limited to 'libxml2/CVE-2011-3905.patch')
-rw-r--r--libxml2/CVE-2011-3905.patch62
1 files changed, 62 insertions, 0 deletions
diff --git a/libxml2/CVE-2011-3905.patch b/libxml2/CVE-2011-3905.patch
new file mode 100644
index 000000000..439f450f1
--- /dev/null
+++ b/libxml2/CVE-2011-3905.patch
@@ -0,0 +1,62 @@
+From 77404b8b69bc122d12231807abf1a837d121b551 Mon Sep 17 00:00:00 2001
+From: Chris Evans <scarybeasts@gmail.com>
+Date: Wed, 14 Dec 2011 08:18:25 +0000
+Subject: Make sure the parser returns when getting a Stop order
+
+patch backported from chromiun bug fixes, assuming author is Chris
+---
+diff --git a/parser.c b/parser.c
+index 21d7aa3..4e5dcb9 100644
+--- a/parser.c
++++ b/parser.c
+@@ -4949,7 +4949,8 @@ xmlParsePI(xmlParserCtxtPtr ctxt) {
+ (ctxt->sax->processingInstruction != NULL))
+ ctxt->sax->processingInstruction(ctxt->userData,
+ target, NULL);
+- ctxt->instate = state;
++ if (ctxt->instate != XML_PARSER_EOF)
++ ctxt->instate = state;
+ return;
+ }
+ buf = (xmlChar *) xmlMallocAtomic(size * sizeof(xmlChar));
+@@ -5029,7 +5030,8 @@ xmlParsePI(xmlParserCtxtPtr ctxt) {
+ } else {
+ xmlFatalErr(ctxt, XML_ERR_PI_NOT_STARTED, NULL);
+ }
+- ctxt->instate = state;
++ if (ctxt->instate != XML_PARSER_EOF)
++ ctxt->instate = state;
+ }
+ }
+
+@@ -9589,6 +9591,8 @@ xmlParseElement(xmlParserCtxtPtr ctxt) {
+ else
+ name = xmlParseStartTag(ctxt);
+ #endif /* LIBXML_SAX1_ENABLED */
++ if (ctxt->instate == XML_PARSER_EOF)
++ return;
+ if (name == NULL) {
+ spacePop(ctxt);
+ return;
+@@ -10975,6 +10979,8 @@ xmlParseTryOrFinish(xmlParserCtxtPtr ctxt, int terminate) {
+ else
+ name = xmlParseStartTag(ctxt);
+ #endif /* LIBXML_SAX1_ENABLED */
++ if (ctxt->instate == XML_PARSER_EOF)
++ goto done;
+ if (name == NULL) {
+ spacePop(ctxt);
+ ctxt->instate = XML_PARSER_EOF;
+@@ -11161,7 +11167,9 @@ xmlParseTryOrFinish(xmlParserCtxtPtr ctxt, int terminate) {
+ else
+ xmlParseEndTag1(ctxt, 0);
+ #endif /* LIBXML_SAX1_ENABLED */
+- if (ctxt->nameNr == 0) {
++ if (ctxt->instate == XML_PARSER_EOF) {
++ /* Nothing */
++ } else if (ctxt->nameNr == 0) {
+ ctxt->instate = XML_PARSER_EPILOG;
+ } else {
+ ctxt->instate = XML_PARSER_CONTENT;
+--
+cgit v0.9.0.2
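Review bot: The empty branch marked `/* Nothing */` in the last xmlParseTryOrFinish hunk does not say why the state must be left alone, and the other new `XML_PARSER_EOF` guards in xmlParsePI, xmlParseElement and xmlParseTryOrFinish carry no comment at all. Going by the subject line, the intent is that a stop request leaves `ctxt->instate` at `XML_PARSER_EOF` and must not be overwritten with `state`, `XML_PARSER_EPILOG` or `XML_PARSER_CONTENT`; a comment such as `/* stop requested: keep XML_PARSER_EOF, do not resume parsing */` at each guard would keep a later cleanup from removing them. Separately, the early `return` added in xmlParseElement sits before the `name == NULL` path that calls `spacePop(ctxt)`, so if the matching push happens earlier in the function (outside the hunk) it is worth confirming that leaving that stack unbalanced is harmless on a stopped parser. All three functions begin and end outside the quoted hunks, so other places where parsing continues after a handler call cannot be checked from this patch.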
