File glib2-CVE-2018-16428.patch of Package glib2.9083

Overview Repositories Revisions Requests Users Attributes Meta

File glib2-CVE-2018-16428.patch of Package glib2.9083

From fccef3cc822af74699cca84cd202719ae61ca3b9 Mon Sep 17 00:00:00 2001
From: Philip Withnall <withnall@endlessm.com>
Date: Mon, 30 Jul 2018 18:33:39 +0100
Subject: [PATCH] gmarkup: Fix crash in error handling path for closing
 elements
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

If something which looks like a closing tag is left unfinished, but
isn’t paired to an opening tag in the document, the error handling code
would do a null pointer dereference. Avoid that, at the cost of
introducing a new translatable error message.

Includes a test case, courtesy of pdknsk.

Signed-off-by: Philip Withnall <withnall@endlessm.com>

https://gitlab.gnome.org/GNOME/glib/issues/1461
---
 glib/gmarkup.c                      | 11 ++++++++---
 glib/tests/Makefile.am              |  1 +
 glib/tests/markups/fail-51.expected |  1 +
 glib/tests/markups/fail-51.gmarkup  |  1 +
 4 files changed, 11 insertions(+), 3 deletions(-)
 create mode 100644 glib/tests/markups/fail-51.expected
 create mode 100644 glib/tests/markups/fail-51.gmarkup

diff -Nura glib-2.38.2/glib/gmarkup.c glib-2.38.2_new/glib/gmarkup.c
--- glib-2.38.2/glib/gmarkup.c	2013-11-12 13:30:22.000000000 +0800
+++ glib-2.38.2_new/glib/gmarkup.c	2018-09-27 20:18:17.652527240 +0800
@@ -1825,9 +1825,14 @@
     case STATE_AFTER_CLOSE_TAG_SLASH:
     case STATE_INSIDE_CLOSE_TAG_NAME:
     case STATE_AFTER_CLOSE_TAG_NAME:
-      set_error (context, error, G_MARKUP_ERROR_PARSE,
-                 _("Document ended unexpectedly inside the close tag for "
-                   "element '%s'"), current_element (context));
+      if (context->tag_stack != NULL)
+        set_error (context, error, G_MARKUP_ERROR_PARSE,
+                   _("Document ended unexpectedly inside the close tag for "
+                     "element “%s”"), current_element (context));
+      else
+        set_error (context, error, G_MARKUP_ERROR_PARSE,
+                   _("Document ended unexpectedly inside the close tag for an "
+                     "unopened element"));
       break;
 
     case STATE_INSIDE_PASSTHROUGH:
diff -Nura glib-2.38.2/glib/tests/Makefile.am glib-2.38.2_new/glib/tests/Makefile.am
--- glib-2.38.2/glib/tests/Makefile.am	2013-11-12 13:30:22.000000000 +0800
+++ glib-2.38.2_new/glib/tests/Makefile.am	2018-09-27 20:19:46.202303672 +0800
@@ -138,6 +138,7 @@
 	fail-36 fail-37 fail-38 fail-39 fail-40 \
 	fail-41 fail-42 fail-43 fail-44 fail-45 \
 	fail-46 fail-47 fail-48 fail-49 \
+	fail-51 \
 	valid-1 valid-2 valid-3 valid-4 valid-5 \
 	valid-6 valid-7 valid-8 valid-9 valid-10 \
 	valid-11 valid-12 valid-13 valid-14 valid-15 \
diff -Nura glib-2.38.2/glib/tests/markups/fail-51.expected glib-2.38.2_new/glib/tests/markups/fail-51.expected
--- glib-2.38.2/glib/tests/markups/fail-51.expected	1970-01-01 08:00:00.000000000 +0800
+++ glib-2.38.2_new/glib/tests/markups/fail-51.expected	2018-09-27 21:57:43.207027818 +0800
@@ -0,0 +1 @@
+ERROR Error on line 1 char 5: Document ended unexpectedly inside the close tag for an unopened element
diff -Nura glib-2.38.2/glib/tests/markups/fail-51.gmarkup glib-2.38.2_new/glib/tests/markups/fail-51.gmarkup
--- glib-2.38.2/glib/tests/markups/fail-51.gmarkup	1970-01-01 08:00:00.000000000 +0800
+++ glib-2.38.2_new/glib/tests/markups/fail-51.gmarkup	2018-09-27 21:58:03.946210277 +0800
@@ -0,0 +1 @@
+</0<

Places

File glib2-CVE-2018-16428.patch of Package glib2.9083

Places