From 25ae533b3e9be084e5eaa9089bd0c79104fdd06c Mon Sep 17 00:00:00 2001 From: Nick Wellnhofer Date: Mon, 17 Feb 2025 11:27:30 +0100 Subject: [PATCH] xmllint: Fix SIGBUS with --memory option If the input file size is a multiple of page size, the byte after the file's content is on a new page and accessing it will lead to SIGBUS. Remove XML_INPUT_BUF_ZERO_TERMINATED hint for mmapped files. Regressed with a221cd78. Fixes #864. --- xmllint.c | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/xmllint.c b/xmllint.c index d8dde636..e6ebc7f0 100644 --- a/xmllint.c +++ b/xmllint.c @@ -375,8 +375,7 @@ parseXml(xmllintState *lint, const char *filename) { input = xmlNewInputFromMemory(filename, lint->memoryData, lint->memorySize, - XML_INPUT_BUF_STATIC | - XML_INPUT_BUF_ZERO_TERMINATED); + XML_INPUT_BUF_STATIC); if (input == NULL) { lint->progresult = XMLLINT_ERR_MEM; return(NULL); @@ -456,8 +455,7 @@ parseHtml(xmllintState *lint, const char *filename) { input = xmlNewInputFromMemory(filename, lint->memoryData, lint->memorySize, - XML_INPUT_BUF_STATIC | - XML_INPUT_BUF_ZERO_TERMINATED); + XML_INPUT_BUF_STATIC); if (input == NULL) { lint->progresult = XMLLINT_ERR_MEM; return(NULL); @@ -3437,7 +3435,7 @@ xmllintMain(int argc, const char **argv, FILE *errStream, lint->progresult = XMLLINT_ERR_RDFILE; break; } - lint->memoryData = mmap(NULL, info.st_size + 1, PROT_READ, + lint->memoryData = mmap(NULL, info.st_size, PROT_READ, MAP_SHARED, memoryFd, 0); if (lint->memoryData == (void *) MAP_FAILED) { close(memoryFd);