diff options
author | Bernard Cafarelli <voyageur@gentoo.org> | 2023-08-27 10:42:10 +0200 |
---|---|---|
committer | Bernard Cafarelli <voyageur@gentoo.org> | 2023-08-27 10:42:53 +0200 |
commit | d139a435333edbdb81869e7d4b984a7535e9eda8 (patch) | |
tree | c0e5d75387280a8c02cd411a68b3068d4f5ea0c6 /dev-libs/tinyxml/files | |
parent | dev-vcs/stgit: drop 2.3.0 (diff) | |
download | gentoo-d139a435333edbdb81869e7d4b984a7535e9eda8.tar.gz gentoo-d139a435333edbdb81869e7d4b984a7535e9eda8.tar.bz2 gentoo-d139a435333edbdb81869e7d4b984a7535e9eda8.zip |
dev-libs/tinyxml: bump to add infinite loop patch
Bug: https://bugs.gentoo.org/817863
Signed-off-by: Bernard Cafarelli <voyageur@gentoo.org>
Diffstat (limited to 'dev-libs/tinyxml/files')
-rw-r--r-- | dev-libs/tinyxml/files/tinyxml-2.6.2-CVE-2021-42260.patch | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/dev-libs/tinyxml/files/tinyxml-2.6.2-CVE-2021-42260.patch b/dev-libs/tinyxml/files/tinyxml-2.6.2-CVE-2021-42260.patch new file mode 100644 index 000000000000..d9eeb45c73b5 --- /dev/null +++ b/dev-libs/tinyxml/files/tinyxml-2.6.2-CVE-2021-42260.patch @@ -0,0 +1,23 @@ +Description: In stamp always advance the pointer if *p= 0xef + . + The current implementation only advanced if 0xef is followed + by two non-zero bytes. In case of malformed input (0xef should be + the start byte of a three byte character) this leads to an infinite + loop. (CVE-2021-42260) +Origin: https://sourceforge.net/p/tinyxml/git/merge-requests/1/ + +--- a/tinyxmlparser.cpp ++++ b/tinyxmlparser.cpp +@@ -274,6 +274,12 @@ void TiXmlParsingData::Stamp( const char* now, TiXmlEncoding encoding ) + else + { p +=3; ++col; } // A normal character. + } ++ else ++ { ++ // TIXML_UTF_LEAD_0 (239) is the start character of a 3 byte sequence, so ++ // there is something wrong here. Just advance the pointer to evade infinite loops ++ ++p; ++ } + } + else + { |