lib/libxml2
1
0
Fork 0
mirror of https://gitlab.gnome.org/GNOME/libxml2.git synced 2025-10-24 13:33:01 +03:00
Code Activity

Fix potential infinite loop in xmlStringLenDecodeEntities

Browse Source 
Make sure that xmlParseStringPEReference advances the "str" pointer
even if the parser was stopped. Otherwise xmlStringLenDecodeEntities
can loop infinitely.
This commit is contained in:
Nick Wellnhofer
2017-06-10 17:06:16 +02:00
parent 4ba8cc856b
commit fb2f518cc6
1 changed files with 1 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
parser.c
View File

@@ -8327,6 +8327,7 @@ xmlParseStringPEReference(xmlParserCtxtPtr ctxt, const xmlChar **str) {
entity = ctxt->sax->getParameterEntity(ctxt->userData, name); entity = ctxt->sax->getParameterEntity(ctxt->userData, name);
if (ctxt->instate == XML_PARSER_EOF) { if (ctxt->instate == XML_PARSER_EOF) {
xmlFree(name); xmlFree(name);
*str = ptr;
return(NULL); return(NULL);
} }
if (entity == NULL) { if (entity == NULL) {