Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/dev-libs/libxml2/files/libxml2-2.9.4-heap-buffer-overflow.patch
diff options
context:
space:
mode:
Diffstat (limited to 'dev-libs/libxml2/files/libxml2-2.9.4-heap-buffer-overflow.patch')
-rw-r--r--dev-libs/libxml2/files/libxml2-2.9.4-heap-buffer-overflow.patch32
1 files changed, 32 insertions, 0 deletions
diff --git a/dev-libs/libxml2/files/libxml2-2.9.4-heap-buffer-overflow.patch b/dev-libs/libxml2/files/libxml2-2.9.4-heap-buffer-overflow.patch
new file mode 100644
index 000000000000..770a1832b190
--- /dev/null
+++ b/dev-libs/libxml2/files/libxml2-2.9.4-heap-buffer-overflow.patch
@@ -0,0 +1,32 @@
+From df4f9bdc7a37908ded8bd1fec4f75509eaa156de Mon Sep 17 00:00:00 2001
+From: David Kilzer <ddkilzer@apple.com>
+Date: Tue, 4 Jul 2017 18:38:03 +0200
+Subject: [PATCH 5/7] Heap-buffer-overflow read of size 1 in
+ xmlFAParsePosCharGroup
+
+Credit to OSS-Fuzz.
+
+Add a check to xmlFAParseCharRange() for the end of the buffer
+to prevent reading past the end of it.
+
+This fixes Bug 784017.
+---
+ xmlregexp.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/xmlregexp.c b/xmlregexp.c
+index ca3b4f46..6676c2a8 100644
+--- a/xmlregexp.c
++++ b/xmlregexp.c
+@@ -5051,7 +5051,7 @@ xmlFAParseCharRange(xmlRegParserCtxtPtr ctxt) {
+ return;
+ }
+ len = 1;
+- } else if ((cur != 0x5B) && (cur != 0x5D)) {
++ } else if ((cur != '\0') && (cur != 0x5B) && (cur != 0x5D)) {
+ end = CUR_SCHAR(ctxt->cur, len);
+ } else {
+ ERROR("Expecting the end of a char range");
+--
+2.14.1
+