authorAaron Bauman <bman@gentoo.org>2017-01-02 15:40:16 +0900
committerAaron Bauman <bman@gentoo.org>2017-01-02 15:40:59 +0900
commit060503be258912e25b6da77ca79d450553ed0be3 (patch)
tree8dd4d010e17448661d883938772ca1fdcdba3ddf /dev-libs/libxml2/files/libxml2-2.9.4-nullptrderef2.patch
parentdev-python/sip: sync live ebuild (diff)
dev-libs/libxml2: security bump to -r1 wrt bugs 589816, 597112, 597114, 597116 in coordination with leio
Diffstat (limited to 'dev-libs/libxml2/files/libxml2-2.9.4-nullptrderef2.patch')
-rw-r--r--dev-libs/libxml2/files/libxml2-2.9.4-nullptrderef2.patch57
1 files changed, 57 insertions, 0 deletions
diff --git a/dev-libs/libxml2/files/libxml2-2.9.4-nullptrderef2.patch b/dev-libs/libxml2/files/libxml2-2.9.4-nullptrderef2.patch
new file mode 100644
index 000000000000..2484f76e7b0b
--- /dev/null
+++ b/dev-libs/libxml2/files/libxml2-2.9.4-nullptrderef2.patch
@@ -0,0 +1,57 @@
+From d8083bf77955b7879c1290f0c0a24ab8cc70f7fb Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Sat, 25 Jun 2016 12:35:50 +0200
+Subject: Fix NULL pointer deref in XPointer range-to
+
+- Check for errors after evaluating first operand.
+- Add sanity check for empty stack.
+
+Found with afl-fuzz.
+---
+ result/XPath/xptr/viderror | 4 ++++
+ test/XPath/xptr/viderror | 1 +
+ xpath.c | 7 ++++++-
+ 3 files changed, 11 insertions(+), 1 deletion(-)
+ create mode 100644 result/XPath/xptr/viderror
+ create mode 100644 test/XPath/xptr/viderror
+
+diff --git a/result/XPath/xptr/viderror b/result/XPath/xptr/viderror
+new file mode 100644
+index 0000000..d589882
+--- /dev/null
++++ b/result/XPath/xptr/viderror
+@@ -0,0 +1,4 @@
++
++========================
++Expression: xpointer(non-existing-fn()/range-to(id('chapter2')))
++Object is empty (NULL)
+diff --git a/test/XPath/xptr/viderror b/test/XPath/xptr/viderror
+new file mode 100644
+index 0000000..da8c53b
+--- /dev/null
++++ b/test/XPath/xptr/viderror
+@@ -0,0 +1 @@
++xpointer(non-existing-fn()/range-to(id('chapter2')))
+diff --git a/xpath.c b/xpath.c
+index 113bce6..751665b 100644
+--- a/xpath.c
++++ b/xpath.c
+@@ -14005,9 +14005,14 @@ xmlXPathCompOpEval(xmlXPathParserContextPtr ctxt, xmlXPathStepOpPtr op)
+ xmlNodeSetPtr oldset;
+ int i, j;
+
+- if (op->ch1 != -1)
++ if (op->ch1 != -1) {
+ total +=
+ xmlXPathCompOpEval(ctxt, &comp->steps[op->ch1]);
++ CHECK_ERROR0;
++ }
++ if (ctxt->value == NULL) {
++ XP_ERROR0(XPATH_INVALID_OPERAND);
++ }
+ if (op->ch2 == -1)
+ return (total);
+
+--
+cgit v0.12
+
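Review bot: The `if (ctxt->value == NULL)` guard added to `xmlXPathCompOpEval` in xpath.c has no comment, and the bundled regression test `xpointer(non-existing-fn()/range-to(id('chapter2')))` appears to exercise only the `CHECK_ERROR0` path after the first operand, so the empty-stack path looks untested. I would add a comment above the guard such as `/* range-to needs a context object on the value stack; fail cleanly if the first operand left none */`. The guard only establishes that the stack is non-empty; whether the operand's type is validated before it is dereferenced depends on code after `if (op->ch2 == -1)`, which lies outside the hunk, so that is worth confirming against the full function. The patch header could also name which of bugs 589816, 597112, 597114, 597116 this file addresses, since the file name `nullptrderef2` alone does not say.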