From 5c1a31642e243f4870c0bd1f2afc7597976521bf Mon Sep 17 00:00:00 2001 From: Sebastian Pipping Date: Mon, 19 Aug 2024 22:26:07 +0200 Subject: [PATCH] lib: Reject negative len for XML_ParseBuffer Reported by TaiYou Conflict:file path adapt add error code XML_ERROR_INVALID_ARGUMENT parser->m_errorCode => errorCode return XML_STATUS_ERROR => return 0 context adapt Reference:https://github.com/libexpat/libexpat/commit/5c1a31642e243f4870c0bd1f2afc7597976521bf --- lib/expat/xmlparse/xmlparse.c | 8 +++++++- lib/expat/xmlparse/xmlparse.h | 3 ++- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/lib/expat/xmlparse/xmlparse.c b/lib/expat/xmlparse/xmlparse.c index 8087360..d2363da 100644 --- a/lib/expat/xmlparse/xmlparse.c +++ b/lib/expat/xmlparse/xmlparse.c @@ -4810,6 +4810,11 @@ xmlrpc_XML_ParseBuffer(XML_Parser const xmlParserP, return 0; } + if (len < 0) { + errorCode = XML_ERROR_INVALID_ARGUMENT; + return 0; + } + parser->m_positionPtr = start; parser->m_bufferEnd += len; parser->m_parseEndByteIndex += len; @@ -5017,7 +5022,8 @@ xmlrpc_XML_ErrorString(int const code) { /* UNCLOSED_CDATA_SECTION */ XML_T("unclosed CDATA section"), /* EXTERNAL_ENTITY_HANDLING */ XML_T("error in processing external entity reference"), - /* NOT_STANDALONE */ XML_T("document is not standalone") + /* NOT_STANDALONE */ XML_T("document is not standalone"), + /* INVALID_ARGUMENT */ XML_T("invalid argument") }; const XML_LChar * retval; diff --git a/lib/expat/xmlparse/xmlparse.h b/lib/expat/xmlparse/xmlparse.h index 76cf0db..63133ba 100644 --- a/lib/expat/xmlparse/xmlparse.h +++ b/lib/expat/xmlparse/xmlparse.h @@ -518,7 +518,8 @@ enum XML_Error { XML_ERROR_INCORRECT_ENCODING, XML_ERROR_UNCLOSED_CDATA_SECTION, XML_ERROR_EXTERNAL_ENTITY_HANDLING, - XML_ERROR_NOT_STANDALONE + XML_ERROR_NOT_STANDALONE, + XML_ERROR_INVALID_ARGUMENT }; /* If xmlrpc_XML_Parse or xmlrpc_XML_ParseBuffer have returned 0, then -- 2.33.0