1From 1061537efdf3874c91fd50d18f98c4b8a3518e52 Mon Sep 17 00:00:00 2001
2From: Nick Wellnhofer <wellnhofer@aevum.de>
3Date: Sun, 26 Mar 2023 22:40:54 +0200
4Subject: [PATCH] malloc-fail: Fix buffer overread with HTML doctype
5 declarations
6
7Found by OSS-Fuzz, see #344.
8
9Reference:https://github.com/GNOME/libxml2/commit/1061537efdf3874c91fd50d18f98c4b8a3518e52
10Conflict:NA
11
12---
13 HTMLparser.c | 4 ++--
14 1 file changed, 2 insertions(+), 2 deletions(-)
15
16diff --git a/HTMLparser.c b/HTMLparser.c
17index 42d1b29..5e4f289 100644
18--- a/HTMLparser.c
19+++ b/HTMLparser.c
20@@ -3008,9 +3008,9 @@ htmlParseSystemLiteral(htmlParserCtxtPtr ctxt) {
21 htmlParseErr(ctxt, XML_ERR_LITERAL_NOT_FINISHED,
22 "Unfinished SystemLiteral\n", NULL, NULL);
23 } else {
24- NEXT;
25 if (err == 0)
26 ret = xmlStrndup((BASE_PTR+startPosition), len);
27+ NEXT;
28 }
29
30 return(ret);
31@@ -3063,9 +3063,9 @@ htmlParsePubidLiteral(htmlParserCtxtPtr ctxt) {
32 htmlParseErr(ctxt, XML_ERR_LITERAL_NOT_FINISHED,
33 "Unfinished PubidLiteral\n", NULL, NULL);
34 } else {
35- NEXT;
36 if (err == 0)
37 ret = xmlStrndup((BASE_PTR + startPosition), len);
38+ NEXT;
39 }
40
41 return(ret);
42--
432.27.0
44
45
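Review bot: Nothing in the new else-branch records why `NEXT;` must now follow the `xmlStrndup` call, so a later edit could reinstate the old order without anything flagging it. Presumably NEXT can grow or shrink the parser input buffer and relocate BASE_PTR, which is why copying after advancing could read stale memory when a reallocation (or a failed one) was involved; a one-line comment above `if (err == 0)` such as `/* Copy before NEXT: advancing may relocate the input buffer and invalidate BASE_PTR + startPosition. */` would record the invariant. The same comment belongs in the second hunk, the identical change in htmlParsePubidLiteral. Both hunks start mid-function; the bodies of htmlParseSystemLiteral and htmlParsePubidLiteral begin and end outside the hunks.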