mirror of
https://gitlab.gnome.org/GNOME/libxml2
synced 2025-03-28 21:33:13 +00:00
Heap use-after-free in xmlSAX2AttributeNs
For https://bugzilla.gnome.org/show_bug.cgi?id=759020 * parser.c: (xmlParseStartTag2): Attribute strings are only valid if the base does not change, so add another check where the base may change. Make sure to set 'attvalue' to NULL after freeing it. * result/errors/759020.xml: Added. * result/errors/759020.xml.err: Added. * result/errors/759020.xml.str: Added. * test/errors/759020.xml: Added test case.
This commit is contained in:
Pranjal Jumde
Daniel Veillard
parent
11ed4a7a90
commit
38eae57111
12
parser.c
12
parser.c
@ -9488,7 +9488,10 @@ reparse:
|
||||
else
|
||||
if (nsPush(ctxt, NULL, URL) > 0) nbNs++;
|
||||
skip_default_ns:
|
||||
if (alloc != 0) xmlFree(attvalue);
|
||||
if ((attvalue != NULL) && (alloc != 0)) {
|
||||
xmlFree(attvalue);
|
||||
attvalue = NULL;
|
||||
}
|
||||
if ((RAW == '>') || (((RAW == '/') && (NXT(1) == '>'))))
|
||||
break;
|
||||
if (!IS_BLANK_CH(RAW)) {
|
||||
@ -9497,6 +9500,8 @@ skip_default_ns:
|
||||
break;
|
||||
}
|
||||
SKIP_BLANKS;
|
||||
if ((ctxt->input->base != base) || (inputNr != ctxt->inputNr))
|
||||
goto base_changed;
|
||||
continue;
|
||||
}
|
||||
if (aprefix == ctxt->str_xmlns) {
|
||||
@ -9568,7 +9573,10 @@ skip_default_ns:
|
||||
else
|
||||
if (nsPush(ctxt, attname, URL) > 0) nbNs++;
|
||||
skip_ns:
|
||||
if (alloc != 0) xmlFree(attvalue);
|
||||
if ((attvalue != NULL) && (alloc != 0)) {
|
||||
xmlFree(attvalue);
|
||||
attvalue = NULL;
|
||||
}
|
||||
if ((RAW == '>') || (((RAW == '/') && (NXT(1) == '>'))))
|
||||
break;
|
||||
if (!IS_BLANK_CH(RAW)) {
|
||||
|
||||
0
result/errors/759020.xml
Normal file
0
result/errors/759020.xml
Normal file
6
result/errors/759020.xml.err
Normal file
6
result/errors/759020.xml.err
Normal file
@ -0,0 +1,6 @@
|
||||
./test/errors/759020.xml:3: namespace warning : xmlns: URI 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 is not absolute
|
||||
0000000000000000000000000000000000000000000000000000000000000000000000000000000'
|
||||
^
|
||||
./test/errors/759020.xml:46: parser error : Couldn't find end of Start Tag s00 line 2
|
||||
|
||||
^
|
||||
7
result/errors/759020.xml.str
Normal file
7
result/errors/759020.xml.str
Normal file
@ -0,0 +1,7 @@
|
||||
./test/errors/759020.xml:3: namespace warning : xmlns: URI 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 is not absolute
|
||||
0000000000000000000000000000000000000000000000000000000000000000000000000000000'
|
||||
^
|
||||
./test/errors/759020.xml:46: parser error : Couldn't find end of Start Tag s00
|
||||
|
||||
^
|
||||
./test/errors/759020.xml : failed to parse
|
||||
46
test/errors/759020.xml
Normal file
46
test/errors/759020.xml
Normal file
@ -0,0 +1,46 @@
|
||||
<?l 00000000000000000000000000000?>
|
||||
<s00 w0000="000" h00000="000"
|
||||
xmlns = '00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000'
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user