1From 4b3452d17123631ec43d532b83dc182c1a638fed Mon Sep 17 00:00:00 2001
2From: Nick Wellnhofer <wellnhofer@aevum.de>
3Date: Wed, 15 Mar 2023 16:56:36 +0100
4Subject: [PATCH] html: Fix quadratic behavior in htmlParseTryOrFinish
5
6Fix check for end of script content.
7
8Found by OSS-Fuzz.
9
10Reference:https://github.com/GNOME/libxml2/commit/4b3452d17123631ec43d532b83dc182c1a638fed
11Conflict:NA
12
13---
14 HTMLparser.c | 8 +++++++-
15 1 file changed, 7 insertions(+), 1 deletion(-)
16
17diff --git a/HTMLparser.c b/HTMLparser.c
18index b76218c..6c8f180 100644
19--- a/HTMLparser.c
20+++ b/HTMLparser.c
21@@ -5984,8 +5984,14 @@ htmlParseTryOrFinish(htmlParserCtxtPtr ctxt, int terminate) {
22 if (idx < 0)
23 goto done;
24 val = in->cur[idx + 2];
25- if (val == 0) /* bad cut of input */
26+ if (val == 0) { /* bad cut of input */
27+ /*
28+ * FIXME: htmlParseScript checks for additional
29+ * characters after '</'.
30+ */
31+ ctxt->checkIndex = idx;
32 goto done;
33+ }
34 }
35 htmlParseScript(ctxt);
36 if ((cur == '<') && (next == '/')) {
37--
382.27.0
39
40
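Review bot: The FIXME in the new `val == 0` branch records a mismatch rather than resolving it: this lookahead treats only a NUL at `in->cur[idx + 2]` as a cut terminator, while by its own comment htmlParseScript examines further characters after `</`, so a chunk boundary that falls a few bytes later presumably still reaches htmlParseScript with a partial end tag. Since this is a complexity fix for fuzzer-found input, a regression test that pushes a long script body in one-byte chunks would pin the linear behavior. The stored index also deserves a why-comment, e.g. `/* resume the next lookup at this '</' instead of rescanning the script body */`, and it is worth confirming that `checkIndex` is cleared once the sequence is consumed, which this hunk does not show. htmlParseTryOrFinish begins and ends outside the hunk.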