Heap-based buffer overread in xmlNextCharCVE-2016-1762

For https://bugzilla.gnome.org/show_bug.cgi?id=759671 when the end of the internal subset isn't properly detected xmlParseInternalSubset should just return instead of trying to process input further.
author: Daniel Veillard <veillard@redhat.com> 2016-02-09 12:55:29 +0100
committer: Daniel Veillard <veillard@redhat.com> 2016-02-09 12:55:29 +0100
commit: a7a94612aa3b16779e2c74e1fa353b5d9786c602 (patch)
tree: 6d71fd02522847fb75621353c7646e8025c434ba /parser.c
parent: 6657afe83a38278f124ace71dc85f60420beb2d5 (diff)
download: libxml2-a7a94612aa3b16779e2c74e1fa353b5d9786c602.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/parser.c b/parser.c
index c5741e3b..0677030c 100644
--- a/parser.c
+++ b/parser.c
@@ -8468,6 +8468,7 @@ xmlParseInternalSubset(xmlParserCtxtPtr ctxt) {
      */
     if (RAW != '>') {
 	xmlFatalErr(ctxt, XML_ERR_DOCTYPE_NOT_FINISHED, NULL);
+	return;
     }
     NEXT;
 }
author	Daniel Veillard <veillard@redhat.com>	2016-02-09 12:55:29 +0100
committer	Daniel Veillard <veillard@redhat.com>	2016-02-09 12:55:29 +0100
commit	a7a94612aa3b16779e2c74e1fa353b5d9786c602 (patch)
tree	6d71fd02522847fb75621353c7646e8025c434ba /parser.c
parent	6657afe83a38278f124ace71dc85f60420beb2d5 (diff)
download	libxml2-a7a94612aa3b16779e2c74e1fa353b5d9786c602.tar.gz