Another variation of overflow in Conditional sections

Which happen after the previous fix to https://bugzilla.gnome.org/show_bug.cgi?id=756456 But stopping the parser and exiting we didn't pop the intermediary entities and doing the SKIP there applies on an input which may be too small
author: Daniel Veillard <veillard@redhat.com> 2015-10-23 19:02:28 +0800
committer: Daniel Veillard <veillard@redhat.com> 2015-10-23 19:02:28 +0800
commit: bd0526e66a56e75a18da8c15c4750db8f801c52d (patch)
tree: f812bfd22218e4d4a0347f91b47fdbecaaf15d6d /parser.c
parent: cf77e60515045bdd66f2c59c69a06e603b470eae (diff)
download: android_external_libxml2-bd0526e66a56e75a18da8c15c4750db8f801c52d.tar.gz
android_external_libxml2-bd0526e66a56e75a18da8c15c4750db8f801c52d.tar.bz2
android_external_libxml2-bd0526e66a56e75a18da8c15c4750db8f801c52d.zip
1 files changed, 3 insertions, 1 deletions
diff --git a/parser.c b/parser.c
index a65e4cc8..b9217ff1 100644
--- a/parser.c
+++ b/parser.c
@@ -6915,7 +6915,9 @@ xmlParseConditionalSections(xmlParserCtxtPtr ctxt) {
 	"All markup of the conditional section is not in the same entity\n",
 				 NULL, NULL);
 	}
-        SKIP(3);
+	if ((ctxt-> instate != XML_PARSER_EOF) &&
+	    ((ctxt->input->cur + 3) < ctxt->input->end))
+	    SKIP(3);
     }
 }
author	Daniel Veillard <veillard@redhat.com>	2015-10-23 19:02:28 +0800
committer	Daniel Veillard <veillard@redhat.com>	2015-10-23 19:02:28 +0800
commit	bd0526e66a56e75a18da8c15c4750db8f801c52d (patch)
tree	f812bfd22218e4d4a0347f91b47fdbecaaf15d6d /parser.c
parent	cf77e60515045bdd66f2c59c69a06e603b470eae (diff)
download	android_external_libxml2-bd0526e66a56e75a18da8c15c4750db8f801c52d.tar.gz android_external_libxml2-bd0526e66a56e75a18da8c15c4750db8f801c52d.tar.bz2 android_external_libxml2-bd0526e66a56e75a18da8c15c4750db8f801c52d.zip