expat/backport-008-CVE-2023-52425.patch

From 7f54667c59c5a884beba5dce17003715d7cbaffa Mon Sep 17 00:00:00 2001
From: Snild Dolkow <snild@sony.com>
Date: Mon, 18 Sep 2023 20:32:55 +0200
Subject: [PATCH] tests: Run both with and without partial token heuristic

If we always run with the heuristic enabled, it may hide some bugs by
grouping up input into bigger parse attempts.

CI-fighting-assistance-by: Sebastian Pipping <sebastian@pipping.org>
---
 lib/internal.h | 2 ++
 lib/xmlparse.c | 5 ++++-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/lib/internal.h b/lib/internal.h
index 444eba0f..dda42d88 100644
--- a/lib/internal.h
+++ b/lib/internal.h
@@ -158,6 +158,8 @@ unsigned long long testingAccountingGetCountBytesIndirect(XML_Parser parser);
 const char *unsignedCharToPrintable(unsigned char c);
 #endif
 
+extern XML_Bool g_reparseDeferralEnabledDefault; // written ONLY in runtests.c
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/lib/xmlparse.c b/lib/xmlparse.c
index 32df1eb9..e30e76aa 100644
--- a/lib/xmlparse.c
+++ b/lib/xmlparse.c
@@ -599,6 +599,8 @@ static unsigned long getDebugLevel(const char *variableName,
        ? 0                                                                     \
        : ((*((pool)->ptr)++ = c), 1))
 
+XML_Bool g_reparseDeferralEnabledDefault = XML_TRUE; // write ONLY in runtests.c
+
 struct XML_ParserStruct {
   /* The first member must be m_userData so that the XML_GetUserData
      macro works. */
@@ -951,7 +953,8 @@ callProcessor(XML_Parser parser, const char *start, const char *end,
               const char **endPtr) {
   const size_t have_now = EXPAT_SAFE_PTR_DIFF(end, start);
 
-  if (! parser->m_parsingStatus.finalBuffer) {
+  if (g_reparseDeferralEnabledDefault
+      && ! parser->m_parsingStatus.finalBuffer) {
     // Heuristic: don't try to parse a partial token again until the amount of
     // available data has increased significantly.
     const size_t had_before = parser->m_partialTokenBytesBefore;
-- 
2.33.0
fix CVE-2023-52425 2024-06-12 16:31:25 +08:00			`From 7f54667c59c5a884beba5dce17003715d7cbaffa Mon Sep 17 00:00:00 2001`
			`From: Snild Dolkow <snild@sony.com>`
			`Date: Mon, 18 Sep 2023 20:32:55 +0200`
			`Subject: [PATCH] tests: Run both with and without partial token heuristic`

			`If we always run with the heuristic enabled, it may hide some bugs by`
			`grouping up input into bigger parse attempts.`

			`CI-fighting-assistance-by: Sebastian Pipping <sebastian@pipping.org>`
			`---`
			`lib/internal.h \| 2 ++`
			`lib/xmlparse.c \| 5 ++++-`
			`2 files changed, 6 insertions(+), 1 deletion(-)`

			`diff --git a/lib/internal.h b/lib/internal.h`
			`index 444eba0f..dda42d88 100644`
			`--- a/lib/internal.h`
			`+++ b/lib/internal.h`
			`@@ -158,6 +158,8 @@ unsigned long long testingAccountingGetCountBytesIndirect(XML_Parser parser);`
			`const char *unsignedCharToPrintable(unsigned char c);`
			`#endif`

			`+extern XML_Bool g_reparseDeferralEnabledDefault; // written ONLY in runtests.c`
			`+`
			`#ifdef __cplusplus`
			`}`
			`#endif`
			`diff --git a/lib/xmlparse.c b/lib/xmlparse.c`
			`index 32df1eb9..e30e76aa 100644`
			`--- a/lib/xmlparse.c`
			`+++ b/lib/xmlparse.c`
			`@@ -599,6 +599,8 @@ static unsigned long getDebugLevel(const char *variableName,`
			`? 0 \`
			`: ((*((pool)->ptr)++ = c), 1))`

			`+XML_Bool g_reparseDeferralEnabledDefault = XML_TRUE; // write ONLY in runtests.c`
			`+`
			`struct XML_ParserStruct {`
			`/* The first member must be m_userData so that the XML_GetUserData`
			`macro works. */`
			`@@ -951,7 +953,8 @@ callProcessor(XML_Parser parser, const char start, const char end,`
			`const char **endPtr) {`
			`const size_t have_now = EXPAT_SAFE_PTR_DIFF(end, start);`

			`- if (! parser->m_parsingStatus.finalBuffer) {`
			`+ if (g_reparseDeferralEnabledDefault`
			`+ && ! parser->m_parsingStatus.finalBuffer) {`
			`// Heuristic: don't try to parse a partial token again until the amount of`
			`// available data has increased significantly.`
			`const size_t had_before = parser->m_partialTokenBytesBefore;`
			`--`
			`2.33.0`