author | 2017-08-23 09:27:49 +0200 | |
---|---|---|
committer | 2017-08-23 09:28:56 +0200 | |
commit | 9f36ba11942153b51031264201e9a9491fb00ebd (patch) | |
tree | 18d56f0aa39cf134d32c1cbe2594e195fcb36ff4 /dev-libs/libxml2/files/libxml2-2.9.4-heap-buffer-overflow.patch | |
parent | app-vim/phpdocs: EAPI 6 bump. (diff) | |
dev-libs/libxml2: version bump 2.9.4-r1 → 2.9.4-r2
Apply a round of security fixes.
Gentoo-Bugs: 599192, 586886, 618604, 622914, 605208, 623206
Package-Manager: Portage-2.3.8, Repoman-2.3.3
Diffstat (limited to 'dev-libs/libxml2/files/libxml2-2.9.4-heap-buffer-overflow.patch')
-rw-r--r-- | dev-libs/libxml2/files/libxml2-2.9.4-heap-buffer-overflow.patch | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/dev-libs/libxml2/files/libxml2-2.9.4-heap-buffer-overflow.patch b/dev-libs/libxml2/files/libxml2-2.9.4-heap-buffer-overflow.patch new file mode 100644 index 000000000000..770a1832b190 --- /dev/null +++ b/dev-libs/libxml2/files/libxml2-2.9.4-heap-buffer-overflow.patch @@ -0,0 +1,32 @@ +From df4f9bdc7a37908ded8bd1fec4f75509eaa156de Mon Sep 17 00:00:00 2001 +From: David Kilzer <ddkilzer@apple.com> +Date: Tue, 4 Jul 2017 18:38:03 +0200 +Subject: [PATCH 5/7] Heap-buffer-overflow read of size 1 in + xmlFAParsePosCharGroup + +Credit to OSS-Fuzz. + +Add a check to xmlFAParseCharRange() for the end of the buffer +to prevent reading past the end of it. + +This fixes Bug 784017. +--- + xmlregexp.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/xmlregexp.c b/xmlregexp.c +index ca3b4f46..6676c2a8 100644 +--- a/xmlregexp.c ++++ b/xmlregexp.c +@@ -5051,7 +5051,7 @@ xmlFAParseCharRange(xmlRegParserCtxtPtr ctxt) { + return; + } + len = 1; +- } else if ((cur != 0x5B) && (cur != 0x5D)) { ++ } else if ((cur != '\0') && (cur != 0x5B) && (cur != 0x5D)) { + end = CUR_SCHAR(ctxt->cur, len); + } else { + ERROR("Expecting the end of a char range"); +-- +2.14.1 + |
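Review bot: No regression input accompanies the `(cur != '\0')` check added to the `else if` in xmlFAParseCharRange(): the upstream diffstat shows only xmlregexp.c changed (1 insertion, 1 deletion), and although the message credits OSS-Fuzz and Bug 784017, nothing in the patch would catch the over-read if this condition were later reworked. Suggest adding the reproducing pattern as a test case next to the fix. With the new check a terminating NUL falls through to the existing `ERROR("Expecting the end of a char range")` branch, which is a sensible outcome. Two smaller points on the same line: `'\0'` is written as a character literal beside the hex constants `0x5B` and `0x5D`, so either use `'['` and `']'` for all three or add a short comment naming them; and the branch directly above, which ends in `len = 1;`, is only partly visible in the context lines, so it is worth confirming that it cannot also step `ctxt->cur` past the end of the buffer. The subject line names xmlFAParsePosCharGroup while the change is in xmlFAParseCharRange; a sentence in the message on how the two relate would help the next reader.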