lib/libxml2
1
0
Fork 0
mirror of https://gitlab.gnome.org/GNOME/libxml2.git synced 2025-10-24 13:33:01 +03:00
Code Activity

parser: Fix push parser with unterminated CDATA sections

Browse Source 
Short-lived regression found by OSS-Fuzz.
This commit is contained in:
Nick Wellnhofer
2022-11-22 21:39:01 +01:00
parent 97c0a9cff7
commit b1f9c19383
1 changed files with 12 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
parser.c
View File

@@ -11794,20 +11794,24 @@ xmlParseTryOrFinish(xmlParserCtxtPtr ctxt, int terminate) {
*/
term = BAD_CAST strstr((const char *) ctxt->input->cur,
"]]>");
if (term == NULL)
term = ctxt->input->end;
} else {
term = xmlParseLookupString(ctxt, 0, "]]>", 3);
}
if (term == NULL) {
int tmp;
int tmp, size;
if (avail < XML_PARSER_BIG_BUFFER_SIZE + 2)
goto done;
ctxt->checkIndex = 0;
tmp = xmlCheckCdataPush(ctxt->input->cur,
XML_PARSER_BIG_BUFFER_SIZE, 0);
if (terminate) {
/* Unfinished CDATA section */
size = ctxt->input->end - ctxt->input->cur;
} else {
if (avail < XML_PARSER_BIG_BUFFER_SIZE + 2)
goto done;
ctxt->checkIndex = 0;
/* XXX: Why don't we pass the full buffer? */
size = XML_PARSER_BIG_BUFFER_SIZE;
}
tmp = xmlCheckCdataPush(ctxt->input->cur, size, 0);
if (tmp < 0) {
tmp = -tmp;
ctxt->input->cur += tmp;