From ee0520e097d5d5eabc355041f350558fadd07492 Mon Sep 17 00:00:00 2001
From: Nick Wellnhofer
Date: Wed, 26 Apr 2023 18:46:47 +0200
Subject: [PATCH] parser: Fix entity check in attributes

Don't mark entities as "checked" when processing default attribute values. These entities could reference other entities which weren't defined yet, so the check isn't reliable. This backports commit d320a683 to the 2.10 branch. It turned out that the issue wasn't a short-lived regression after all.
---
 parser.c | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)

diff --git a/parser.c b/parser.c
index 79479979..f56d3e11 100644
--- a/parser.c
+++ b/parser.c
@@ -4057,12 +4057,20 @@ xmlParseAttValueComplex(xmlParserCtxtPtr ctxt, int *attlen, int normalize) {
 XML_SUBSTITUTE_REF, 0, 0, 0);
 --ctxt->depth;
- diff = ctxt->nbentities - oldnbent + 1;
- if (diff > INT_MAX / 2)
- diff = INT_MAX / 2;
- ent->checked = diff * 2;
+ /*
+ * If we're parsing DTD content, the entity
+ * might reference other entities which
+ * weren't defined yet, so the check isn't
+ * reliable.
+ */
+ if (ctxt->inSubset == 0) {
+ diff = ctxt->nbentities - oldnbent + 1;
+ if (diff > INT_MAX / 2)
+ diff = INT_MAX / 2;
+ ent->checked = diff * 2;
+ }
 if (rep != NULL) {
- if (xmlStrchr(rep, '<'))
+ if ((ctxt->inSubset == 0) && (xmlStrchr(rep, '<')))
 ent->checked |= 1;
 xmlFree(rep);
 rep = NULL;
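Review bot: The second guard, `if ((ctxt->inSubset == 0) && (xmlStrchr(rep, '<')))`, repeats the `inSubset` test without explanation, and nothing in the hunk says that `ent->checked` packs two values: the doubled `diff` from `diff * 2` and a low bit set when the replacement text contains `<`. I would add `/* bit 0: replacement text contains '<'; not recorded inside the DTD, where the expansion may still be incomplete */` above that line. Because `ent->checked` is now left untouched while `inSubset` is non-zero, each later reference presumably re-runs the check, which is what keeps entity-expansion accounting reliable for entities defined out of order. A regression test with a default attribute value referencing a later-defined nested entity would pin that behaviour, and the diffstat shows only parser.c changed. The body of xmlParseAttValueComplex starts and ends outside the hunk, so the declarations of `diff` and `oldnbent` are not visible here.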