30 lines
1.1 KiB
Diff
30 lines
1.1 KiB
Diff
From 5290462a7ea1278a8d5c0d5b2860d4e244f997e4 Mon Sep 17 00:00:00 2001
|
|
From: Sebastian Pipping <sebastian@pipping.org>
|
|
Date: Tue, 20 Sep 2022 02:44:34 +0200
|
|
Subject: [PATCH] lib: Fix overeager DTD destruction in
|
|
XML_ExternalEntityParserCreate
|
|
|
|
---
|
|
lib/xmlparse.c | 8 ++++++++
|
|
1 file changed, 8 insertions(+)
|
|
|
|
diff --git a/lib/xmlparse.c b/lib/xmlparse.c
|
|
index aacd6e7fc..57bf103cc 100644
|
|
--- a/lib/xmlparse.c
|
|
+++ b/lib/xmlparse.c
|
|
@@ -1068,6 +1068,14 @@ parserCreate(const XML_Char *encodingName,
|
|
parserInit(parser, encodingName);
|
|
|
|
if (encodingName && ! parser->m_protocolEncodingName) {
|
|
+ if (dtd) {
|
|
+ // We need to stop the upcoming call to XML_ParserFree from happily
|
|
+ // destroying parser->m_dtd because the DTD is shared with the parent
|
|
+ // parser and the only guard that keeps XML_ParserFree from destroying
|
|
+ // parser->m_dtd is parser->m_isParamEntity but it will be set to
|
|
+ // XML_TRUE only later in XML_ExternalEntityParserCreate (or not at all).
|
|
+ parser->m_dtd = NULL;
|
|
+ }
|
|
XML_ParserFree(parser);
|
|
return NULL;
|
|
}
|