Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Step:15-SP1
expat
expat-CVE-2024-45490.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File expat-CVE-2024-45490.patch of Package expat
From 5c1a31642e243f4870c0bd1f2afc7597976521bf Mon Sep 17 00:00:00 2001 From: Sebastian Pipping <sebastian@pipping.org> Date: Mon, 19 Aug 2024 22:26:07 +0200 Subject: [PATCH 1/3] lib: Reject negative len for XML_ParseBuffer Reported by TaiYou --- expat/lib/xmlparse.c | 6 ++++++ 1 file changed, 6 insertions(+) Index: expat-2.2.5/lib/xmlparse.c =================================================================== --- expat-2.2.5.orig/lib/xmlparse.c +++ expat-2.2.5/lib/xmlparse.c @@ -1963,6 +1963,12 @@ XML_ParseBuffer(XML_Parser parser, int l if (parser == NULL) return XML_STATUS_ERROR; + + if (len < 0) { + parser->m_errorCode = XML_ERROR_INVALID_ARGUMENT; + return XML_STATUS_ERROR; + } + switch (parser->m_parsingStatus.parsing) { case XML_SUSPENDED: parser->m_errorCode = XML_ERROR_SUSPENDED; Index: expat-2.2.5/doc/reference.html =================================================================== --- expat-2.2.5.orig/doc/reference.html +++ expat-2.2.5/doc/reference.html @@ -1047,7 +1047,9 @@ containing part (or perhaps all) of the that are part of the document is indicated by <code>len</code>. This means that <code>s</code> doesn't have to be null terminated. It also means that if <code>len</code> is larger than the number of bytes in the block of -memory that <code>s</code> points at, then a memory fault is likely. The +memory that <code>s</code> points at, then a memory fault is likely. +Negative values for <code>len</code> are rejected since Expat 2.2.1. +The <code>isFinal</code> parameter informs the parser that this is the last piece of the document. Frequently, the last piece is empty (i.e. <code>len</code> is zero.) @@ -1062,11 +1064,17 @@ XML_ParseBuffer(XML_Parser p, int isFinal); </pre> <div class="fcndef"> +<p> This is just like <code><a href= "#XML_Parse" >XML_Parse</a></code>, except in this case Expat provides the buffer. By obtaining the buffer from Expat with the <code><a href= "#XML_GetBuffer" >XML_GetBuffer</a></code> function, the application can avoid double copying of the input. +</p> + +<p> +Negative values for <code>len</code> are rejected since Expat 2.6.3. +</p> </div> <pre class="fcndec" id="XML_GetBuffer">
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor