Package: libxml2 / 2.9.4+dfsg1-7

0019-CVE-2017-8872.patch Patch series | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
Description: Out-of-bounds read in htmlParseTryOrFinish
Origin: vendor, https://bugzilla.novell.com/attachment.cgi?id=732309
Bug: https://bugzilla.gnome.org/show_bug.cgi?id=775200
Bug-Debian: https://bugs.debian.org/862450
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-8872
Bug-SUSE: https://bugzilla.novell.com/show_bug.cgi?id=1038444
Forwarded: yes, https://bug775200.bugzilla-attachments.gnome.org/attachment.cgi?id=355527
Author: Marcus Meissner <meissner@suse.de>
Reviewed-by: Salvatore Bonaccorso <carnil@debian.org>
Last-Update: 2018-01-02

--- a/parser.c
+++ b/parser.c
@@ -12725,6 +12725,10 @@ xmlHaltParser(xmlParserCtxtPtr ctxt) {
 	}
 	ctxt->input->cur = BAD_CAST"";
 	ctxt->input->base = ctxt->input->cur;
+	if (ctxt->input->buf) {
+		xmlBufEmpty (ctxt->input->buf->buffer);
+	} else
+		ctxt->input->length = 0;
     }
 }