Sha256: 8bd5e7be9072414d4af6aaecb13713829bc55e1a48f2226cc56ae65ac06f031f
Contents?: true
Size: 1.33 KB
Versions: 12
Compression:
Stored size: 1.33 KB
Contents
From 37bc5395ae2489db988b37b4dba070c584b516ca Mon Sep 17 00:00:00 2001
From: Hugh Davenport <hugh@allthethings.co.nz>
Date: Fri, 20 Nov 2015 17:16:06 +0800
Subject: [PATCH 18/18] CVE-2015-8242 Buffer overead with HTML parser in push
mode
For https://bugzilla.gnome.org/show_bug.cgi?id=756372
Error in the code pointing to the codepoint in the stack for the
current char value instead of the pointer in the input that the SAX
callback expects
Reported and fixed by Hugh Davenport
---
HTMLparser.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/HTMLparser.c b/HTMLparser.c
index bdf7807..b729197 100644
--- a/HTMLparser.c
+++ b/HTMLparser.c
@@ -5735,17 +5735,17 @@ htmlParseTryOrFinish(htmlParserCtxtPtr ctxt, int terminate) {
if (ctxt->keepBlanks) {
if (ctxt->sax->characters != NULL)
ctxt->sax->characters(
- ctxt->userData, &cur, 1);
+ ctxt->userData, &in->cur[0], 1);
} else {
if (ctxt->sax->ignorableWhitespace != NULL)
ctxt->sax->ignorableWhitespace(
- ctxt->userData, &cur, 1);
+ ctxt->userData, &in->cur[0], 1);
}
} else {
htmlCheckParagraph(ctxt);
if (ctxt->sax->characters != NULL)
ctxt->sax->characters(
- ctxt->userData, &cur, 1);
+ ctxt->userData, &in->cur[0], 1);
}
}
ctxt->token = 0;
--
2.5.0
Version data entries
12 entries across 12 versions & 4 rubygems