1From 2876ac5392a4e891b81e40e592c3ac6cb46016ce Mon Sep 17 00:00:00 2001 2From: Nick Wellnhofer <wellnhofer@aevum.de> 3Date: Wed, 8 May 2024 11:49:31 +0200 4Subject: [PATCH] [CVE-2024-34459] Fix buffer overread with `xmllint --htmlout` 5 6Add a missing bounds check. 7--- 8 xmllint.c | 2 +- 9 1 file changed, 1 insertion(+), 1 deletion(-) 10 11diff --git a/xmllint.c b/xmllint.c 12index 82a878651..4d84c640b 100644 13--- a/xmllint.c 14+++ b/xmllint.c 15@@ -599,7 +599,7 @@ xmlHTMLPrintFileContext(xmlParserInputPtr input) { 16 len = strlen(buffer); 17 snprintf(&buffer[len], sizeof(buffer) - len, "\n"); 18 cur = input->cur; 19- while ((*cur == '\n') || (*cur == '\r')) 20+ while ((cur > base) && ((*cur == '\n') || (*cur == '\r'))) 21 cur--; 22 n = 0; 23 while ((cur != base) && (n++ < 80)) { 24-- 25GitLab 26 27