shaba/libxml2
1
0
Fork 0
mirror of https://gitlab.gnome.org/GNOME/libxml2.git synced 2025-03-31 06:50:06 +03:00
Code

xmllint: Fix SIGBUS with --memory option

Browse Source 
If the input file size is a multiple of page size, the byte after the
file's content is on a new page and accessing it will lead to SIGBUS.

Remove XML_INPUT_BUF_ZERO_TERMINATED hint for mmapped files.

Regressed with a221cd78.

Fixes #864.
This commit is contained in:
Nick Wellnhofer 2025-02-17 11:27:30 +01:00
parent 7a61c32bfa
commit 25ae533b3e
1 changed files with 3 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
xmllint.c
View File

@ -375,8 +375,7 @@ parseXml(xmllintState *lint, const char *filename) {
input = xmlNewInputFromMemory(filename,
lint->memoryData, lint->memorySize,
XML_INPUT_BUF_STATIC |
XML_INPUT_BUF_ZERO_TERMINATED);
XML_INPUT_BUF_STATIC);
if (input == NULL) {
lint->progresult = XMLLINT_ERR_MEM;
return(NULL);
@ -456,8 +455,7 @@ parseHtml(xmllintState *lint, const char *filename) {
input = xmlNewInputFromMemory(filename,
lint->memoryData, lint->memorySize,
XML_INPUT_BUF_STATIC |
XML_INPUT_BUF_ZERO_TERMINATED);
XML_INPUT_BUF_STATIC);
if (input == NULL) {
lint->progresult = XMLLINT_ERR_MEM;
return(NULL);
@ -3437,7 +3435,7 @@ xmllintMain(int argc, const char **argv, FILE *errStream,
lint->progresult = XMLLINT_ERR_RDFILE;
break;
}
lint->memoryData = mmap(NULL, info.st_size + 1, PROT_READ,
lint->memoryData = mmap(NULL, info.st_size, PROT_READ,
MAP_SHARED, memoryFd, 0);
if (lint->memoryData == (void *) MAP_FAILED) {
close(memoryFd);