summaryrefslogtreecommitdiff
path: root/extra/libxml2/CVE-2011-3919.patch
blob: b307e57d25346362c0692cf5f5f43956523825e8 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
commit 5bd3c061823a8499b27422aee04ea20aae24f03e
Author: Daniel Veillard <veillard@redhat.com>
Date:   Fri Dec 16 18:53:35 2011 +0800

    Fix an allocation error when copying entities

diff --git a/parser.c b/parser.c
index 4e5dcb9..c55e41d 100644
--- a/parser.c
+++ b/parser.c
@@ -2709,7 +2709,7 @@ xmlStringLenDecodeEntities(xmlParserCtxtPtr ctxt, const xmlChar *str, int len,
 
 		buffer[nbchars++] = '&';
 		if (nbchars > buffer_size - i - XML_PARSER_BUFFER_SIZE) {
-		    growBuffer(buffer, XML_PARSER_BUFFER_SIZE);
+		    growBuffer(buffer, i + XML_PARSER_BUFFER_SIZE);
 		}
 		for (;i > 0;i--)
 		    buffer[nbchars++] = *cur++;