From 5bb84b47b8dfcbc28fe5ddd1ffb6420eee09805d Mon Sep 17 00:00:00 2001
From: Seiya Nakata
Date: Thu, 4 Apr 2024 11:55:28 +0900
Subject: [PATCH] relaxng: Fix tree corruption in xmlRelaxNGParseNameClass

Don't create cycles in tree structure. This will lead to an infinite loop or call stack overflow later.

Closes: https://gitlab.gnome.org/GNOME/libxml2/-/issues/711
---
 relaxng.c | 2 +-
 result/relaxng/anyName1_0.err | 1 +
 test/relaxng/anyName1.rng | 15 +++++++++++++++
 test/relaxng/anyName1_0.xml | 1 +
 4 files changed, 18 insertions(+), 1 deletion(-)
 create mode 100644 result/relaxng/anyName1_0.err
 create mode 100644 test/relaxng/anyName1.rng
 create mode 100644 test/relaxng/anyName1_0.xml

diff --git a/relaxng.c b/relaxng.c
index e4db4967..24c3e510 100644
--- a/relaxng.c
+++ b/relaxng.c
@@ -5273,7 +5273,7 @@ xmlRelaxNGParseNameClass(xmlRelaxNGParserCtxtPtr ctxt, xmlNodePtr node,
 if (tmp != NULL) {
 if (last == NULL) {
 last = tmp;
- } else {
+ } else if (tmp != ret) {
 last->next = tmp;
 last = tmp;
 }
diff --git a/result/relaxng/anyName1_0.err b/result/relaxng/anyName1_0.err
new file mode 100644
index 00000000..20ab3157
--- /dev/null
+++ b/result/relaxng/anyName1_0.err
@@ -0,0 +1 @@
+./test/relaxng/anyName1_0.xml validates
diff --git a/test/relaxng/anyName1.rng b/test/relaxng/anyName1.rng
new file mode 100644
index 00000000..540f1630
--- /dev/null
+++ b/test/relaxng/anyName1.rng
@@ -0,0 +1,15 @@
+
+
+
+
+
+ c
+
+ a
+ b
+
+
+
+
+
+
diff --git a/test/relaxng/anyName1_0.xml b/test/relaxng/anyName1_0.xml
new file mode 100644
index 00000000..fb08e36d
--- /dev/null
+++ b/test/relaxng/anyName1_0.xml
@@ -0,0 +1 @@
+
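Review bot: The new `tmp != ret` guard in the relaxng.c hunk covers only the `else` branch; the `last == NULL` branch above it still does `last = tmp` unconditionally, so if the first non-NULL `tmp` is `ret` itself, `last` becomes `ret` and the next iteration writes `ret->next`. Whether that path is reachable depends on the loop and the recursive call, which lie outside this hunk, but if `last` is used only for chaining, testing once on the outer condition, `if (tmp != NULL && tmp != ret) {`, would cover both branches. The guard also deserves a comment, since its reason is not visible at the call site: `/* never link ret to itself: a cyclic list makes later traversal loop or recurse without bound */`. Because the schema is parser input, the added test case is worth keeping alongside a variant where the self-returning child comes first.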