lib/libxml2
1
0
Fork 0
mirror of https://gitlab.gnome.org/GNOME/libxml2.git synced 2025-10-26 00:37:43 +03:00
Code Activity

parser: Fix push parser with unterminated CDATA sections

Browse Source 
Short-lived regression found by OSS-Fuzz.
This commit is contained in:
Nick Wellnhofer
2022-11-22 21:39:01 +01:00
parent 97c0a9cff7
commit b1f9c19383
1 changed files with 12 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
parser.c
View File

@@ -11794,20 +11794,24 @@ xmlParseTryOrFinish(xmlParserCtxtPtr ctxt, int terminate) {
*/ */
term = BAD_CAST strstr((const char *) ctxt->input->cur, term = BAD_CAST strstr((const char *) ctxt->input->cur,
"]]>"); "]]>");
if (term == NULL)
term = ctxt->input->end;
} else { } else {
term = xmlParseLookupString(ctxt, 0, "]]>", 3); term = xmlParseLookupString(ctxt, 0, "]]>", 3);
} }
if (term == NULL) { if (term == NULL) {
int tmp; int tmp, size;
if (avail < XML_PARSER_BIG_BUFFER_SIZE + 2) if (terminate) {
goto done; /* Unfinished CDATA section */
ctxt->checkIndex = 0; size = ctxt->input->end - ctxt->input->cur;
tmp = xmlCheckCdataPush(ctxt->input->cur, } else {
XML_PARSER_BIG_BUFFER_SIZE, 0); if (avail < XML_PARSER_BIG_BUFFER_SIZE + 2)
goto done;
ctxt->checkIndex = 0;
/* XXX: Why don't we pass the full buffer? */
size = XML_PARSER_BIG_BUFFER_SIZE;
}
tmp = xmlCheckCdataPush(ctxt->input->cur, size, 0);
if (tmp < 0) { if (tmp < 0) {
tmp = -tmp; tmp = -tmp;
ctxt->input->cur += tmp; ctxt->input->cur += tmp;