Fix quadratic runtime in HTML push parser with null bytes

Null bytes in the input stream do not necessarily signal an EOF condition. Check the stream pointers for EOF to avoid quadratic rescanning of input data. Note that the CUR_CHAR macro used in functions like htmlParseCharData calls htmlCurrentChar which translates null bytes. Found by OSS-Fuzz.
2025-03-24 06:50:08 +03:00 · 2020-12-06 16:38:00 +01:00 · 2020-12-06 16:38:00 +01:00 · 94c2e415a9
commit 94c2e415a9
parent 1c4f9a6db5
1 changed files with 1 additions and 1 deletions
--- a/HTMLparser.c
+++ b/HTMLparser.c
@ -5832,7 +5832,7 @@ htmlParseTryOrFinish(htmlParserCtxtPtr ctxt, int terminate) {
 			xmlGenericError(xmlGenericErrorContext,
 				"HPP: Parsing char data\n");
 #endif
-                        while ((cur != '<') && (cur != 0)) {
+                        while ((cur != '<') && (in->cur < in->end)) {
                            if (cur == '&') {
 			        htmlParseReference(ctxt);
                            } else {