From 2876ac5392a4e891b81e40e592c3ac6cb46016ce Mon Sep 17 00:00:00 2001 From: Nick Wellnhofer Date: Wed, 8 May 2024 11:49:31 +0200 Subject: [PATCH] [CVE-2024-34459] Fix buffer overread with `xmllint --htmlout` Add a missing bounds check. --- xmllint.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xmllint.c b/xmllint.c index 82a878651..4d84c640b 100644 --- a/xmllint.c +++ b/xmllint.c @@ -599,7 +599,7 @@ xmlHTMLPrintFileContext(xmlParserInputPtr input) { len = strlen(buffer); snprintf(&buffer[len], sizeof(buffer) - len, "\n"); cur = input->cur; - while ((*cur == '\n') || (*cur == '\r')) + while ((cur > base) && ((*cur == '\n') || (*cur == '\r'))) cur--; n = 0; while ((cur != base) && (n++ < 80)) { -- GitLab