Commit a7a94612 authored by Daniel Veillard's avatar Daniel Veillard

Heap-based buffer overread in xmlNextChar

For https://bugzilla.gnome.org/show_bug.cgi?id=759671

when the end of the internal subset isn't properly detected
xmlParseInternalSubset should just return instead of trying
to process input further.
parent 6657afe8
...@@ -8468,6 +8468,7 @@ xmlParseInternalSubset(xmlParserCtxtPtr ctxt) { ...@@ -8468,6 +8468,7 @@ xmlParseInternalSubset(xmlParserCtxtPtr ctxt) {
*/ */
if (RAW != '>') { if (RAW != '>') {
xmlFatalErr(ctxt, XML_ERR_DOCTYPE_NOT_FINISHED, NULL); xmlFatalErr(ctxt, XML_ERR_DOCTYPE_NOT_FINISHED, NULL);
return;
} }
NEXT; NEXT;
} }
......
...@@ -11,9 +11,9 @@ Entity: line 1: parser error : DOCTYPE improperly terminated ...@@ -11,9 +11,9 @@ Entity: line 1: parser error : DOCTYPE improperly terminated
Entity: line 1: Entity: line 1:
A<lbbbbbbbbbbbbbbbbbbb_ A<lbbbbbbbbbbbbbbbbbbb_
^ ^
./test/errors/754946.xml:1: parser error : Start tag doesn't start and stop in the same entity Entity: line 1: parser error : Start tag expected, '<' not found
>%SYSTEM;<![ %SYSTEM;
^
./test/errors/754946.xml:1: parser error : Extra content at the end of the document
>%SYSTEM;<![
^ ^
Entity: line 1:
A<lbbbbbbbbbbbbbbbbbbb_
^
...@@ -13,4 +13,4 @@ ...@@ -13,4 +13,4 @@
^ ^
./test/errors/content1.xml:7: parser error : Start tag expected, '<' not found ./test/errors/content1.xml:7: parser error : Start tag expected, '<' not found
<!ELEMENT aElement (a |b * > <!ELEMENT aElement (a |b * >
^ ^
...@@ -16,4 +16,4 @@ Entity: line 1: parser error : Start tag expected, '<' not found ...@@ -16,4 +16,4 @@ Entity: line 1: parser error : Start tag expected, '<' not found
^ ^
Entity: line 1: Entity: line 1:
&lt;!ELEMENT root (middle) > &lt;!ELEMENT root (middle) >
^ ^
...@@ -16,4 +16,4 @@ Entity: line 1: parser error : Start tag expected, '<' not found ...@@ -16,4 +16,4 @@ Entity: line 1: parser error : Start tag expected, '<' not found
^ ^
Entity: line 1: Entity: line 1:
&lt;!ELEMENT root (middle) > &lt;!ELEMENT root (middle) >
^ ^
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment