From 0b6b55b076211ca2fbce4d2abfac7ff57cef4fe5 Mon Sep 17 00:00:00 2001
From: Daniel Veillard <veillard@src.gnome.org>
Date: Tue, 20 Mar 2001 11:27:34 +0000
Subject: [PATCH] Someone found a bug hiding in a corner, caught it ! - parser.c: fixing bug 52299 strange condition leading to a parser crash due to a buffer overflow - result/noent/attrib.xml result/attrib.xml test/attrib.xml: added the specific test case Daniel
---
ChangeLog | 7 +++++++
parser.c | 6 ++++++
result/attrib.xml | 2 ++
result/noent/attrib.xml | 2 ++
test/attrib.xml | 1 +
5 files changed, 18 insertions(+)
create mode 100644 result/attrib.xml
create mode 100644 result/noent/attrib.xml
create mode 100644 test/attrib.xml
diff --git a/ChangeLog b/ChangeLog
index 08d4f054..712d805f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+Tue Mar 20 12:22:36 CET 2001 Daniel Veillard <Daniel.Veillard@imag.fr>
+
+ * parser.c: fixing bug 52299 strange condition leading
+ to a parser crash due to a buffer overflow
+ * result/noent/attrib.xml result/attrib.xml test/attrib.xml:
+ added the specific test case
+
 Mon Mar 19 16:50:52 CET 2001 Daniel Veillard <Daniel.Veillard@imag.fr>
 
 * xpath.[ch]: still a lot of cleanup based on XSLT, added
diff --git a/parser.c b/parser.c
index deb02d28..b5352f9c 100644
--- a/parser.c
+++ b/parser.c
@@ -2156,6 +2156,9 @@ xmlParseAttValue(xmlParserCtxtPtr ctxt) {
 buf[len++] = *current++;
 }
 } else {
+ if (len > buf_size - 10) {
+ growBuffer(buf);
+ }
 len += xmlCopyChar(0, &buf[len], val);
 }
 } else {
@@ -2178,6 +2181,9 @@ xmlParseAttValue(xmlParserCtxtPtr ctxt) {
 xmlFree(rep);
 }
 } else {
+ if (len > buf_size - 10) {
+ growBuffer(buf);
+ }
 if (ent->content != NULL)
 buf[len++] = ent->content[0];
 }
diff --git a/result/attrib.xml b/result/attrib.xml
new file mode 100644
index 00000000..89a1e572
--- /dev/null
+++ b/result/attrib.xml
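Review bot: The guard `if (len > buf_size - 10)` added before `len += xmlCopyChar(0, &buf[len], val);` in xmlParseAttValue relies on an unexplained margin of 10, and the same guard is repeated in the second parser.c hunk before `buf[len++] = ent->content[0];`. Since this is the overflow fix, the margin should be tied to what the write can emit, for example with a comment such as `/* headroom: longest xmlCopyChar() output plus the terminating 0 */`, or by hoisting the check into one helper macro so the two branches cannot drift apart. The declarations of `len` and `buf_size` and the definition of `growBuffer` are outside the hunk: if `buf_size` is unsigned, writing the test as `len + 10 > buf_size` avoids wrap-around for small sizes, and it is worth confirming that `growBuffer` both enlarges the buffer by at least the margin and bails out on allocation failure. The function body starts and ends outside both hunks.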
@@ -0,0 +1,2 @@
+<?xml version="1.0"?>
+<item title="Icrontic.com - Warning: Breakdancing midget with tourette's syndrome on-board                                                " url="http://www.icrontic.com/" first_time="985034339" last_time="985034339" visits="1"/>
diff --git a/result/noent/attrib.xml b/result/noent/attrib.xml
new file mode 100644
index 00000000..89a1e572
--- /dev/null
+++ b/result/noent/attrib.xml
@@ -0,0 +1,2 @@
+<?xml version="1.0"?>
+<item title="Icrontic.com - Warning: Breakdancing midget with tourette's syndrome on-board                                                " url="http://www.icrontic.com/" first_time="985034339" last_time="985034339" visits="1"/>
diff --git a/test/attrib.xml b/test/attrib.xml
new file mode 100644
index 00000000..5be33fa4
--- /dev/null
+++ b/test/attrib.xml
@@ -0,0 +1 @@
+<item title="Icrontic.com - Warning: Breakdancing midget with tourette's syndrome on-board                                                " url="http://www.icrontic.com/" first_time="985034339" last_time="985034339" visits="1"/>