• David Kilzer's avatar
    Heap-based buffer-underreads due to xmlParseName · 00906759
    David Kilzer authored
    For https://bugzilla.gnome.org/show_bug.cgi?id=759573
    
    * parser.c:
    (xmlParseElementDecl): Return early on invalid input to fix
    non-minimized test case (759573-2.xml).  Otherwise the parser
    gets into a bad state in SKIP(3) at the end of the function.
    (xmlParseConditionalSections): Halt parsing when hitting invalid
    input that would otherwise caused xmlParserHandlePEReference()
    to recurse unexpectedly.  This fixes the minimized test case
    (759573.xml).
    
    * result/errors/759573-2.xml: Add.
    * result/errors/759573-2.xml.err: Add.
    * result/errors/759573-2.xml.str: Add.
    * result/errors/759573.xml: Add.
    * result/errors/759573.xml.err: Add.
    * result/errors/759573.xml.str: Add.
    * test/errors/759573-2.xml: Add.
    * test/errors/759573.xml: Add.
    00906759
759573.xml.str 225 Bytes