1
0
mirror of https://gitlab.gnome.org/GNOME/libxml2.git synced 2024-12-23 17:33:50 +03:00

malloc-fail: Don't truncate parser input buffer

We now follow a laissez-faire approach when handling malloc failures and
removed many checks whether the parser was stopped by such an error.
This means the parser input must not be truncated to avoid out-of-bounds
reads.

Short-lived regression.
This commit is contained in:
Nick Wellnhofer 2023-12-12 15:13:11 +01:00
parent 8583b9f1cd
commit 8e13133dbd

21
buf.c
View File

@ -1008,16 +1008,7 @@ xmlBufMergeBuffer(xmlBufPtr buf, xmlBufferPtr buffer) {
*/
int
xmlBufResetInput(xmlBufPtr buf, xmlParserInputPtr input) {
if (input == NULL)
return(-1);
if ((buf == NULL) || (buf->error)) {
input->base = input->cur = input->end = BAD_CAST "";
return(-1);
}
CHECK_COMPAT(buf)
input->base = input->cur = buf->content;
input->end = &buf->content[buf->use];
return(0);
return(xmlBufUpdateInput(buf, input, 0));
}
/**
@ -1033,16 +1024,8 @@ xmlBufResetInput(xmlBufPtr buf, xmlParserInputPtr input) {
*/
int
xmlBufUpdateInput(xmlBufPtr buf, xmlParserInputPtr input, size_t pos) {
if (input == NULL)
if ((buf == NULL) || (input == NULL))
return(-1);
/*
* TODO: It might be safer to keep using the buffer content if there
* was an error.
*/
if ((buf == NULL) || (buf->error)) {
input->base = input->cur = input->end = BAD_CAST "";
return(-1);
}
CHECK_COMPAT(buf)
input->base = buf->content;
input->cur = input->base + pos;