Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP2:GA
python-libxml2-python
libxml2-CVE-2020-7595.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File libxml2-CVE-2020-7595.patch of Package python-libxml2-python
From 0e1a49c8907645d2e155f0d89d4d9895ac5112b5 Mon Sep 17 00:00:00 2001 From: Zhipeng Xie <xiezhipeng1@huawei.com> Date: Thu, 12 Dec 2019 17:30:55 +0800 Subject: [PATCH] Fix infinite loop in xmlStringLenDecodeEntities When ctxt->instate == XML_PARSER_EOF,xmlParseStringEntityRef return NULL which cause a infinite loop in xmlStringLenDecodeEntities Found with libFuzzer. Signed-off-by: Zhipeng Xie <xiezhipeng1@huawei.com> --- parser.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/parser.c b/parser.c index d1c31963..a34bb6cd 100644 --- a/parser.c +++ b/parser.c @@ -2646,7 +2646,8 @@ xmlStringLenDecodeEntities(xmlParserCtxtPtr ctxt, const xmlChar *str, int len, else c = 0; while ((c != 0) && (c != end) && /* non input consuming loop */ - (c != end2) && (c != end3)) { + (c != end2) && (c != end3) && + (ctxt->instate != XML_PARSER_EOF)) { if (c == 0) break; if ((c == '&') && (str[1] == '#')) { -- 2.24.1
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor