From 954696e7cf236c3aa71dc0b7f9e70d3f51e5cb07 Mon Sep 17 00:00:00 2001
From: Nick Wellnhofer <wellnhofer@aevum.de>
Date: Sun, 7 Feb 2021 13:23:09 +0100
Subject: [PATCH] Fix infinite loop in HTML parser introduced with recent
commits
Check for XML_PARSER_EOF to avoid an infinite loop introduced with
recent changes to the HTML push parser.
Found by OSS-Fuzz.
---
HTMLparser.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
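--- a/HTMLparser.c
+++ b/HTMLparser.c
@@ -5872,7 +5872,8 @@ htmlParseTryOrFinish(htmlParserCtxtPtr ctxt, int terminate) {
 xmlGenericError(xmlGenericErrorContext,
 "HPP: Parsing char data\n");
 #endif
- while ((cur != '<') && (in->cur < in->end)) {
+ while ((ctxt->instate != XML_PARSER_EOF) &&
+ (cur != '<') && (in->cur < in->end)) {
 if (cur == '&') {
 htmlParseReference(ctxt);
 } else {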
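Review bot: The new `ctxt->instate != XML_PARSER_EOF` guard on the char-data `while` has no comment saying why the state can change between iterations, so a later cleanup could drop it and reintroduce the hang on untrusted HTML. A short comment above the loop would record the intent, for example `/* The parser can be stopped inside this loop (instate == XML_PARSER_EOF); re-check each iteration or the loop may never terminate. */`. Presumably the stop happens in `htmlParseReference` or in the `else` branch, but that branch continues outside the hunk, so this should be confirmed against the full body of `htmlParseTryOrFinish`. The diffstat shows only HTMLparser.c changing, so the OSS-Fuzz reproducer is not added as a regression test; including it would keep this denial-of-service case covered.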
--
2.27.0