diff options
author | Daniel Veillard <veillard@redhat.com> | 2015-11-20 16:06:59 +0800 |
---|---|---|
committer | Daniel Veillard <veillard@redhat.com> | 2015-11-20 16:06:59 +0800 |
commit | f1063fdbe7fa66332bbb76874101c2a7b51b519f (patch) | |
tree | e595bb9616c59c9bc926933ea9b09be21a78e036 /result | |
parent | fdfeecc1b73b0318466f0d61f0b8881ed9d92dd2 (diff) | |
download | android_external_libxml2-f1063fdbe7fa66332bbb76874101c2a7b51b519f.tar.gz android_external_libxml2-f1063fdbe7fa66332bbb76874101c2a7b51b519f.tar.bz2 android_external_libxml2-f1063fdbe7fa66332bbb76874101c2a7b51b519f.zip |
CVE-2015-7500 Fix memory access error due to incorrect entities boundaries
For https://bugzilla.gnome.org/show_bug.cgi?id=756525
handle properly the case where we popped out of the current entity
while processing a start tag
Reported by Kostya Serebryany @ Google
This slightly modifies the output of 754946 in regression tests
Diffstat (limited to 'result')
-rw-r--r-- | result/errors/754946.xml.err | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/result/errors/754946.xml.err b/result/errors/754946.xml.err index 423dff56..a75088b9 100644 --- a/result/errors/754946.xml.err +++ b/result/errors/754946.xml.err @@ -11,6 +11,9 @@ Entity: line 1: parser error : DOCTYPE improperly terminated Entity: line 1: A<lbbbbbbbbbbbbbbbbbbb_ ^ +./test/errors/754946.xml:1: parser error : Start tag doesn't start and stop in the same entity +>%SYSTEM;<![ + ^ ./test/errors/754946.xml:1: parser error : Extra content at the end of the document -<!DOCTYPEA[<!ENTITY % - ^ +>%SYSTEM;<![ + ^ |