diff options
Diffstat (limited to 'dev-libs/libxml2/files/libxml2-2.9.4-heap-buffer-overflow.patch')
-rw-r--r-- | dev-libs/libxml2/files/libxml2-2.9.4-heap-buffer-overflow.patch | 32 |
1 files changed, 0 insertions, 32 deletions
diff --git a/dev-libs/libxml2/files/libxml2-2.9.4-heap-buffer-overflow.patch b/dev-libs/libxml2/files/libxml2-2.9.4-heap-buffer-overflow.patch deleted file mode 100644 index 770a1832b190..000000000000 --- a/dev-libs/libxml2/files/libxml2-2.9.4-heap-buffer-overflow.patch +++ /dev/null @@ -1,32 +0,0 @@ -From df4f9bdc7a37908ded8bd1fec4f75509eaa156de Mon Sep 17 00:00:00 2001 -From: David Kilzer <ddkilzer@apple.com> -Date: Tue, 4 Jul 2017 18:38:03 +0200 -Subject: [PATCH 5/7] Heap-buffer-overflow read of size 1 in - xmlFAParsePosCharGroup - -Credit to OSS-Fuzz. - -Add a check to xmlFAParseCharRange() for the end of the buffer -to prevent reading past the end of it. - -This fixes Bug 784017. ---- - xmlregexp.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/xmlregexp.c b/xmlregexp.c -index ca3b4f46..6676c2a8 100644 ---- a/xmlregexp.c -+++ b/xmlregexp.c -@@ -5051,7 +5051,7 @@ xmlFAParseCharRange(xmlRegParserCtxtPtr ctxt) { - return; - } - len = 1; -- } else if ((cur != 0x5B) && (cur != 0x5D)) { -+ } else if ((cur != '\0') && (cur != 0x5B) && (cur != 0x5D)) { - end = CUR_SCHAR(ctxt->cur, len); - } else { - ERROR("Expecting the end of a char range"); --- -2.14.1 - |