
parser: Fix integer overflow of input ID

Applies a patch from Chromium. Also stop incrementing input ID of
subcontexts. This isn't necessary.

Fixes #465.
This commit is contained in:
Nick Wellnhofer 2022-12-22 15:22:01 +01:00
parent 0bd4e4e032
commit 077df27eb1
2 changed files with 8 additions and 7 deletions


@ -13087,7 +13087,7 @@ xmlParseBalancedChunkMemoryInternal(xmlParserCtxtPtr oldctxt,
ctxt->userData = ctxt;
if (ctxt->dict != NULL) xmlDictFree(ctxt->dict);
ctxt->dict = oldctxt->dict;
ctxt->input_id = oldctxt->input_id + 1;
ctxt->input_id = oldctxt->input_id;
ctxt->str_xml = xmlDictLookup(ctxt->dict, BAD_CAST "xml", 3);
ctxt->str_xmlns = xmlDictLookup(ctxt->dict, BAD_CAST "xmlns", 5);
ctxt->str_xml_ns = xmlDictLookup(ctxt->dict, XML_XML_NAMESPACE, 36);
@ -13726,11 +13726,7 @@ xmlCreateEntityParserCtxtInternal(xmlSAXHandlerPtr sax, void *userData,
if (pctx != NULL) {
ctxt->options = pctx->options;
ctxt->_private = pctx->_private;
/*
* this is a subparser of pctx, so the input_id should be
* incremented to distinguish from main entity
*/
ctxt->input_id = pctx->input_id + 1;
ctxt->input_id = pctx->input_id;
}
/* Don't read from stdin. */
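Review bot: The copies at `ctxt->input_id = oldctxt->input_id;` (first hunk) and `ctxt->input_id = pctx->input_id;` (second hunk) are left without any explanation once the old comment is removed, and the commit message only says the increment "isn't necessary". A one-line comment at each site would spare the next reader the archaeology, e.g. `/* Subcontexts start from the parent's input ID; they need no distinct value. */`. Since the subcontext then advances its own copy of the counter, input IDs can repeat between parent and subcontext; if any code compares ids across the two (not visible here), confirm that is harmless. Both enclosing functions begin and end outside the hunks.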


@ -1237,8 +1237,13 @@ xmlNewInputStream(xmlParserCtxtPtr ctxt) {
* should not happen while parsing which is the situation where
* the id is actually needed.
*/
if (ctxt != NULL)
if (ctxt != NULL) {
if (input->id >= INT_MAX) {
xmlErrMemory(ctxt, "Input ID overflow\n");
return(NULL);
}
input->id = ctxt->input_id++;
}
return(input);
}
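Review bot: The guard at `if (input->id >= INT_MAX)` tests the new stream's own id field rather than the counter that is incremented on the next line, `ctxt->input_id`, so unless input->id is already populated elsewhere (not visible here) the check can never fire and the overflow it targets is still reachable. The condition should be `if (ctxt->input_id >= INT_MAX) {`. Returning NULL from inside this branch also abandons `input`; if it was allocated earlier in xmlNewInputStream (the allocation is outside the hunk), release it before `return(NULL);`, presumably with xmlFreeInputStream. xmlNewInputStream's body starts outside the hunk.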