mirror of https://gitlab.gnome.org/GNOME/libxml2.git synced 2025-10-26 00:37:43 +03:00

parser: Fix attribute parser progress checks

This is another attempt at fixing parser progress checks. Instead of
relying on in->consumed, which could overflow, make the attribute parser
functions return a NULL name only if they don't make progress.
Nick Wellnhofer
2022-11-13 21:59:23 +01:00
parent f61b8a6233
commit f7ad338e09


@@ -8551,7 +8551,7 @@ xmlParseAttribute(xmlParserCtxtPtr ctxt, xmlChar **value) {
} else { } else {
xmlFatalErrMsgStr(ctxt, XML_ERR_ATTRIBUTE_WITHOUT_VALUE, xmlFatalErrMsgStr(ctxt, XML_ERR_ATTRIBUTE_WITHOUT_VALUE,
"Specification mandates value for attribute %s\n", name); "Specification mandates value for attribute %s\n", name);
return(NULL); return(name);
} }
/* /*
@@ -8647,11 +8647,13 @@ xmlParseStartTag(xmlParserCtxtPtr ctxt) {
while (((RAW != '>') && while (((RAW != '>') &&
((RAW != '/') || (NXT(1) != '>')) && ((RAW != '/') || (NXT(1) != '>')) &&
(IS_BYTE_CHAR(RAW))) && (ctxt->instate != XML_PARSER_EOF)) { (IS_BYTE_CHAR(RAW))) && (ctxt->instate != XML_PARSER_EOF)) {
int id = ctxt->input->id;
unsigned long cons = CUR_CONSUMED;
attname = xmlParseAttribute(ctxt, &attvalue); attname = xmlParseAttribute(ctxt, &attvalue);
if ((attname != NULL) && (attvalue != NULL)) { if (attname == NULL) {
xmlFatalErrMsg(ctxt, XML_ERR_INTERNAL_ERROR,
"xmlParseStartTag: problem parsing attributes\n");
break;
}
if (attvalue != NULL) {
/* /*
* [ WFC: Unique Att Spec ] * [ WFC: Unique Att Spec ]
* No attribute name may appear more than once in the same * No attribute name may appear more than once in the same
@@ -8713,12 +8715,6 @@ failed:
xmlFatalErrMsg(ctxt, XML_ERR_SPACE_REQUIRED, xmlFatalErrMsg(ctxt, XML_ERR_SPACE_REQUIRED,
"attributes construct error\n"); "attributes construct error\n");
} }
if ((cons == CUR_CONSUMED) && (id == ctxt->input->id) &&
(attname == NULL) && (attvalue == NULL)) {
xmlFatalErrMsg(ctxt, XML_ERR_INTERNAL_ERROR,
"xmlParseStartTag: problem parsing attributes\n");
break;
}
SHRINK; SHRINK;
GROW; GROW;
} }
@@ -9270,7 +9266,7 @@ xmlParseAttribute2(xmlParserCtxtPtr ctxt,
xmlFatalErrMsgStr(ctxt, XML_ERR_ATTRIBUTE_WITHOUT_VALUE, xmlFatalErrMsgStr(ctxt, XML_ERR_ATTRIBUTE_WITHOUT_VALUE,
"Specification mandates value for attribute %s\n", "Specification mandates value for attribute %s\n",
name); name);
return (NULL); return (name);
} }
if (*prefix == ctxt->str_xml) { if (*prefix == ctxt->str_xml) {
@@ -9396,13 +9392,16 @@ xmlParseStartTag2(xmlParserCtxtPtr ctxt, const xmlChar **pref,
while (((RAW != '>') && while (((RAW != '>') &&
((RAW != '/') || (NXT(1) != '>')) && ((RAW != '/') || (NXT(1) != '>')) &&
(IS_BYTE_CHAR(RAW))) && (ctxt->instate != XML_PARSER_EOF)) { (IS_BYTE_CHAR(RAW))) && (ctxt->instate != XML_PARSER_EOF)) {
int id = ctxt->input->id;
unsigned long cons = CUR_CONSUMED;
int len = -1, alloc = 0; int len = -1, alloc = 0;
attname = xmlParseAttribute2(ctxt, prefix, localname, attname = xmlParseAttribute2(ctxt, prefix, localname,
&aprefix, &attvalue, &len, &alloc); &aprefix, &attvalue, &len, &alloc);
if ((attname == NULL) || (attvalue == NULL)) if (attname == NULL) {
xmlFatalErr(ctxt, XML_ERR_INTERNAL_ERROR,
"xmlParseStartTag: problem parsing attributes\n");
break;
}
if (attvalue == NULL)
goto next_attr; goto next_attr;
if (len < 0) len = xmlStrlen(attvalue); if (len < 0) len = xmlStrlen(attvalue);
@@ -9578,12 +9577,6 @@ next_attr:
"attributes construct error\n"); "attributes construct error\n");
break; break;
} }
if ((cons == CUR_CONSUMED) && (id == ctxt->input->id) &&
(attname == NULL) && (attvalue == NULL)) {
xmlFatalErr(ctxt, XML_ERR_INTERNAL_ERROR,
"xmlParseStartTag: problem parsing attributes\n");
break;
}
GROW; GROW;
} }
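Review bot: The new `if (attvalue != NULL)` test in xmlParseStartTag and `if (attvalue == NULL)` test in xmlParseStartTag2 are now reached after the early `return(name)` / `return (name)` paths in xmlParseAttribute and xmlParseAttribute2, so they are only safe if `*value` is already NULL when those returns are taken. That assignment is outside the visible hunks and should be confirmed; if `attvalue` is not reset on each iteration, a pointer left over from the previous attribute could be treated as the current value. Both loops also lost their explicit `cons`/`id` progress check, so termination on malformed input now rests on the unstated contract that a non-NULL name means input was consumed. I would document that contract at both return sites, e.g. `/* Return the name so the caller sees progress; *value stays NULL. */`, and add a short comment at each `attname == NULL` break saying that NULL is the only no-progress signal. All four function bodies start and end outside the hunks.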