diff options
author | Daniel Veillard <veillard@redhat.com> | 2015-10-23 19:02:28 +0800 |
---|---|---|
committer | Daniel Veillard <veillard@redhat.com> | 2015-10-23 19:02:28 +0800 |
commit | bd0526e66a56e75a18da8c15c4750db8f801c52d (patch) | |
tree | f812bfd22218e4d4a0347f91b47fdbecaaf15d6d /parser.c | |
parent | cf77e60515045bdd66f2c59c69a06e603b470eae (diff) | |
download | android_external_libxml2-bd0526e66a56e75a18da8c15c4750db8f801c52d.tar.gz android_external_libxml2-bd0526e66a56e75a18da8c15c4750db8f801c52d.tar.bz2 android_external_libxml2-bd0526e66a56e75a18da8c15c4750db8f801c52d.zip |
Another variation of overflow in Conditional sections
Which happen after the previous fix to
https://bugzilla.gnome.org/show_bug.cgi?id=756456
But stopping the parser and exiting we didn't pop the intermediary entities
and doing the SKIP there applies on an input which may be too small
Diffstat (limited to 'parser.c')
-rw-r--r-- | parser.c | 4 |
1 files changed, 3 insertions, 1 deletions
@@ -6915,7 +6915,9 @@ xmlParseConditionalSections(xmlParserCtxtPtr ctxt) { "All markup of the conditional section is not in the same entity\n", NULL, NULL); } - SKIP(3); + if ((ctxt-> instate != XML_PARSER_EOF) && + ((ctxt->input->cur + 3) < ctxt->input->end)) + SKIP(3); } } |