summaryrefslogtreecommitdiff
path: root/patches/source/libxml2/libxml2.CVE-2012-5134.diff
diff options
context:
space:
mode:
Diffstat (limited to 'patches/source/libxml2/libxml2.CVE-2012-5134.diff')
-rw-r--r--patches/source/libxml2/libxml2.CVE-2012-5134.diff21
1 files changed, 21 insertions, 0 deletions
diff --git a/patches/source/libxml2/libxml2.CVE-2012-5134.diff b/patches/source/libxml2/libxml2.CVE-2012-5134.diff
new file mode 100644
index 00000000..70905aaa
--- /dev/null
+++ b/patches/source/libxml2/libxml2.CVE-2012-5134.diff
@@ -0,0 +1,21 @@
+From 6a36fbe3b3e001a8a840b5c1fdd81cefc9947f0d Mon Sep 17 00:00:00 2001
+From: Daniel Veillard <veillard@redhat.com>
+Date: Mon, 29 Oct 2012 02:39:55 +0000
+Subject: Fix potential out of bound access
+
+---
+diff --git a/parser.c b/parser.c
+index 0d8d7f2..bd634e9 100644
+--- a/parser.c
++++ b/parser.c
+@@ -4076,7 +4076,7 @@ xmlParseAttValueComplex(xmlParserCtxtPtr ctxt, int *attlen, int normalize) {
+ goto error;
+
+ if ((in_space) && (normalize)) {
+- while (buf[len - 1] == 0x20) len--;
++ while ((len > 0) && (buf[len - 1] == 0x20)) len--;
+ }
+ buf[len] = 0;
+ if (RAW == '<') {
+--
+cgit v0.9.0.2
generated by cgit v1.2.3 (git 2.26.2) at 2024-11-01 02:36:44 +0000