diff options
author | Nick Wellnhofer <wellnhofer@aevum.de> | 2023-04-26 18:46:47 +0200 |
---|---|---|
committer | Nick Wellnhofer <wellnhofer@aevum.de> | 2023-04-26 18:51:26 +0200 |
commit | ee0520e097d5d5eabc355041f350558fadd07492 (patch) | |
tree | 044692c92fcea0a88ad530bfaea491673291ecfb | |
parent | 223cb03a5d27b1b2393b266a8657443d046139d6 (diff) | |
download | libxml2-2.10.tar.gz |
parser: Fix entity check in attributes2.10
Don't mark entities as "checked" when processing default attribute
values. These entities could reference other entities which weren't
defined yet, so the check isn't reliable.
This backports commit d320a683 to the 2.10 branch. It turned out that
the issue wasn't a short-lived regression after all.
-rw-r--r-- | parser.c | 18 |
1 files changed, 13 insertions, 5 deletions
@@ -4057,12 +4057,20 @@ xmlParseAttValueComplex(xmlParserCtxtPtr ctxt, int *attlen, int normalize) { XML_SUBSTITUTE_REF, 0, 0, 0); --ctxt->depth; - diff = ctxt->nbentities - oldnbent + 1; - if (diff > INT_MAX / 2) - diff = INT_MAX / 2; - ent->checked = diff * 2; + /* + * If we're parsing DTD content, the entity + * might reference other entities which + * weren't defined yet, so the check isn't + * reliable. + */ + if (ctxt->inSubset == 0) { + diff = ctxt->nbentities - oldnbent + 1; + if (diff > INT_MAX / 2) + diff = INT_MAX / 2; + ent->checked = diff * 2; + } if (rep != NULL) { - if (xmlStrchr(rep, '<')) + if ((ctxt->inSubset == 0) && (xmlStrchr(rep, '<'))) ent->checked |= 1; xmlFree(rep); rep = NULL; |