diff options
| author | Pranjal Jumde <pjumde@apple.com> | 2016-03-07 14:04:08 -0800 |
|---|---|---|
| committer | Daniel Veillard <veillard@redhat.com> | 2016-05-23 15:01:07 +0800 |
| commit | 38eae571111db3b43ffdeb05487c9f60551906fb (patch) | |
| tree | 6c8c49c25884830f08d6118227d3dedb1e3ce1ce /result | |
| parent | 11ed4a7a90d5ce156a18980a4ad4e53e77384852 (diff) | |
| download | libxml2-38eae571111db3b43ffdeb05487c9f60551906fb.tar.gz | |
Heap use-after-free in xmlSAX2AttributeNsCVE-2016-1835
For https://bugzilla.gnome.org/show_bug.cgi?id=759020
* parser.c:
(xmlParseStartTag2): Attribute strings are only valid if the
base does not change, so add another check where the base may
change. Make sure to set 'attvalue' to NULL after freeing it.
* result/errors/759020.xml: Added.
* result/errors/759020.xml.err: Added.
* result/errors/759020.xml.str: Added.
* test/errors/759020.xml: Added test case.
Diffstat (limited to 'result')
| -rw-r--r-- | result/errors/759020.xml | 0 | ||||
| -rw-r--r-- | result/errors/759020.xml.err | 6 | ||||
| -rw-r--r-- | result/errors/759020.xml.str | 7 |
3 files changed, 13 insertions, 0 deletions
diff --git a/result/errors/759020.xml b/result/errors/759020.xml new file mode 100644 index 00000000..e69de29b --- /dev/null +++ b/result/errors/759020.xml diff --git a/result/errors/759020.xml.err b/result/errors/759020.xml.err new file mode 100644 index 00000000..a0d30517 --- /dev/null +++ b/result/errors/759020.xml.err @@ -0,0 +1,6 @@ +./test/errors/759020.xml:3: namespace warning : xmlns: URI 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 is not absolute +0000000000000000000000000000000000000000000000000000000000000000000000000000000' + ^ +./test/errors/759020.xml:46: parser error : Couldn't find end of Start Tag s00 line 2 + + ^ diff --git a/result/errors/759020.xml.str b/result/errors/759020.xml.str new file mode 100644 index 00000000..998d6d2f --- /dev/null +++ b/result/errors/759020.xml.str @@ -0,0 +1,7 @@ +./test/errors/759020.xml:3: namespace warning : xmlns: URI 00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 is not absolute +0000000000000000000000000000000000000000000000000000000000000000000000000000000' + ^ +./test/errors/759020.xml:46: parser error : Couldn't find end of Start Tag s00 + + ^ +./test/errors/759020.xml : failed to parse |