From: Kang Kai
To: Jussi Kukkonen
Cc: Patches and discussions about the oe-core layer
Subject: Re: [PATCH 1/1] libxml2: fix unsafe memory access
Date: Wed, 28 Oct 2015 18:12:18 +0800
Message-ID: <56309F82.203@windriver.com>
References: <484dd4883f19d258e29e343f1b0735d2940d7424.1446009435.git.kai.kang@windriver.com>

On 28 October 2015 17:41, Jussi Kukkonen wrote:
>
> On 28 October 2015 at 07:22, wrote:
>
> From: Kai Kang
>
> Backport patch from:
>
> https://bugzilla.gnome.org/show_bug.cgi?id=746048
>
> to fix valgrind errors and unsafe memory access.
>
> Fix the indentation by the way.
> > Signed-off-by: Kai Kang > > --- > .../libxml2/libxml2-fix-unsafe-memory-access.patch | 97 > ++++++++++++++++++++++ > meta/recipes-core/libxml/libxml2_2.9.2.bb > | 3 +- > 2 files changed, 99 insertions(+), 1 deletion(-) > create mode 100644 > meta/recipes-core/libxml/libxml2/libxml2-fix-unsafe-memory-access.patch > > diff --git > a/meta/recipes-core/libxml/libxml2/libxml2-fix-unsafe-memory-access.patch > b/meta/recipes-core/libxml/libxml2/libxml2-fix-unsafe-memory-access.patch > new file mode 100644 > index 0000000..b583032 > --- /dev/null > +++ > b/meta/recipes-core/libxml/libxml2/libxml2-fix-unsafe-memory-access.patch 
> @@ -0,0 +1,97 @@ > +Upstream-Status: Backport > > > This may be a nitpick but I don't think DV has taken this patch in the > six months it's been available so it's not a backport. I suppose Backport is the best choice in upstream status [ Pending Submitted Accepted Backport Denied Inappropriate ]. Though it is not from official upstream, it is from somewhere else as listed in the patch. Thanks. --Kai > > - Jussi > > + > +Backport from > + > +https://bugzilla.gnome.org/show_bug.cgi?id=746048 > + > +to fix unsafe memory access. > + > +Signed-off-by: Kai Kang > > +--- > +diff --git a/HTMLparser.c b/HTMLparser.c > +index d329d3b..6f81424 100644 > +--- a/HTMLparser.c > ++++ b/HTMLparser.c > +@@ -3245,13 +3245,20 @@ htmlParseComment(htmlParserCtxtPtr ctxt) { > + ctxt->instate = state; > + return; > + } > ++ if ((ctxt->input->end - ctxt->input->cur) < 3) { > ++ ctxt->instate = XML_PARSER_EOF; > ++ htmlParseErr(ctxt, XML_ERR_COMMENT_NOT_FINISHED, > ++ "Comment not terminated\n", NULL, NULL); > ++ xmlFree(buf); > ++ return; > ++ } > + q = CUR_CHAR(ql); > + NEXTL(ql); > + r = CUR_CHAR(rl); > + NEXTL(rl); > + cur = CUR_CHAR(l); > + len = 0; > +- while (IS_CHAR(cur) && > ++ while (((ctxt->input->end - ctxt->input->cur) > 0) && > IS_CHAR(cur) && > + ((cur != '>') || > + (r != '-') || (q != '-'))) { > + if (len + 5 >= size) { > +@@ -3281,7 +3288,7 @@ htmlParseComment(htmlParserCtxtPtr ctxt) { > + } > + } > + buf[len] = 0; > +- if (!IS_CHAR(cur)) { > ++ if (!(ctxt->input->end - ctxt->input->cur) || !IS_CHAR(cur)) { > + htmlParseErr(ctxt, XML_ERR_COMMENT_NOT_FINISHED, > + "Comment not terminated \n
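Review bot: In the HTMLparser.c hunk at @@ -3245,13 +3245,20 @@, the new guard `(ctxt->input->end - ctxt->input->cur) < 3` counts bytes, but the three reads that follow (`CUR_CHAR(ql)`, `CUR_CHAR(rl)`, `CUR_CHAR(l)`) each take a per-character length and advance with `NEXTL`, so three remaining bytes only cover the case where all three characters are one byte wide. Either re-check the remaining length after each `NEXTL`, or add a comment explaining why three bytes are sufficient here. A smaller point in the same hunk: the added error string is "Comment not terminated\n" while the existing one further down is "Comment not terminated \n" with a space before the newline, and the two should match so the message can be searched for in one form.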
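Review bot: In the HTMLparser.c hunk at @@ -3281,7 +3288,7 @@, the post-loop test `!(ctxt->input->end - ctxt->input->cur)` is true only when the difference is exactly zero, whereas the loop guard added in the previous hunk stops on anything that is not `> 0`. If `cur` can ever move past `end`, the loop exits but this branch then depends entirely on `!IS_CHAR(cur)`, which reads the very data the patch is trying not to touch. Writing the test as `(ctxt->input->end - ctxt->input->cur) <= 0` makes it the exact complement of the loop condition. The same pointer difference now appears three times across the two hunks, so a local variable or small macro for the remaining byte count would keep the three checks from drifting apart.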