diff options
author | Daniel Veillard <veillard@redhat.com> | 2015-10-23 19:02:28 +0800 |
---|---|---|
committer | Daniel Veillard <veillard@redhat.com> | 2015-10-23 19:02:28 +0800 |
commit | bd0526e66a56e75a18da8c15c4750db8f801c52d (patch) | |
tree | f812bfd22218e4d4a0347f91b47fdbecaaf15d6d | |
parent | cf77e60515045bdd66f2c59c69a06e603b470eae (diff) | |
download | android_external_libxml2-bd0526e66a56e75a18da8c15c4750db8f801c52d.tar.gz android_external_libxml2-bd0526e66a56e75a18da8c15c4750db8f801c52d.tar.bz2 android_external_libxml2-bd0526e66a56e75a18da8c15c4750db8f801c52d.zip |
Another variation of overflow in Conditional sections
Which happen after the previous fix to
https://bugzilla.gnome.org/show_bug.cgi?id=756456
But stopping the parser and exiting we didn't pop the intermediary entities
and doing the SKIP there applies on an input which may be too small
-rw-r--r-- | parser.c | 4 |
1 files changed, 3 insertions, 1 deletions
@@ -6915,7 +6915,9 @@ xmlParseConditionalSections(xmlParserCtxtPtr ctxt) { "All markup of the conditional section is not in the same entity\n", NULL, NULL); } - SKIP(3); + if ((ctxt-> instate != XML_PARSER_EOF) && + ((ctxt->input->cur + 3) < ctxt->input->end)) + SKIP(3); } } |