mirror of
https://gitlab.gnome.org/GNOME/libxml2.git
synced 2024-12-23 17:33:50 +03:00
malloc-fail: Don't truncate parser input buffer
We now follow a laissez-faire approach when handling malloc failures and removed many checks whether the parser was stopped by such an error. This means the parser input must not be truncated to avoid out-of-bounds reads. Short-lived regression.
This commit is contained in:
parent
8583b9f1cd
commit
8e13133dbd
21
buf.c
21
buf.c
@ -1008,16 +1008,7 @@ xmlBufMergeBuffer(xmlBufPtr buf, xmlBufferPtr buffer) {
|
||||
*/
|
||||
int
|
||||
xmlBufResetInput(xmlBufPtr buf, xmlParserInputPtr input) {
|
||||
if (input == NULL)
|
||||
return(-1);
|
||||
if ((buf == NULL) || (buf->error)) {
|
||||
input->base = input->cur = input->end = BAD_CAST "";
|
||||
return(-1);
|
||||
}
|
||||
CHECK_COMPAT(buf)
|
||||
input->base = input->cur = buf->content;
|
||||
input->end = &buf->content[buf->use];
|
||||
return(0);
|
||||
return(xmlBufUpdateInput(buf, input, 0));
|
||||
}
|
||||
|
||||
/**
|
||||
@ -1033,16 +1024,8 @@ xmlBufResetInput(xmlBufPtr buf, xmlParserInputPtr input) {
|
||||
*/
|
||||
int
|
||||
xmlBufUpdateInput(xmlBufPtr buf, xmlParserInputPtr input, size_t pos) {
|
||||
if (input == NULL)
|
||||
if ((buf == NULL) || (input == NULL))
|
||||
return(-1);
|
||||
/*
|
||||
* TODO: It might be safer to keep using the buffer content if there
|
||||
* was an error.
|
||||
*/
|
||||
if ((buf == NULL) || (buf->error)) {
|
||||
input->base = input->cur = input->end = BAD_CAST "";
|
||||
return(-1);
|
||||
}
|
||||
CHECK_COMPAT(buf)
|
||||
input->base = buf->content;
|
||||
input->cur = input->base + pos;
|
||||
|
Loading…
Reference in New Issue
Block a user