1From 63fa7b922a169ed6b86a4c6678140795c28657f5 Mon Sep 17 00:00:00 2001
2From: Nick Wellnhofer <wellnhofer@aevum.de>
3Date: Sun, 20 Nov 2022 19:54:34 +0100
4Subject: [PATCH 20/28] html: Fix check for end of comment in push parser
5
6Make sure to reset checkIndex. Handle case where "--" or "--!" is at the
7end of the buffer. Fix "avail" check in htmlParseOrTryFinish.
8
9Reference: https://github.com/GNOME/libxml2/commit/c93679381c565f4c110c7a6110372bd6d0610308
10Conflict: HTMLparser.c:<htmlParseLookupCommentEnd>,<htmlParseTryOrFinish>
11---
12 HTMLparser.c | 20 ++++++++++++++------
13 1 file changed, 14 insertions(+), 6 deletions(-)
14
15diff --git a/HTMLparser.c b/HTMLparser.c
16index e0b32fe..746edf6 100644
17--- a/HTMLparser.c
18+++ b/HTMLparser.c
19@@ -5405,14 +5405,22 @@ static int
20 htmlParseLookupCommentEnd(htmlParserCtxtPtr ctxt)
21 {
22     int mark = 0;
23+    int offset;
24     int cur = CUR_PTR - BASE_PTR;
25 
26-    while (mark >= 0) {
27+    while (1) {
28 	mark = htmlParseLookupSequence(ctxt, '-', '-', 0, 0);
29-	if ((mark < 0) ||
30-	    (NXT(mark+2) == '>') ||
31+	if (mark < 0)
32+	    break;
33+	if ((NXT(mark+2) == '>') ||
34 	    ((NXT(mark+2) == '!') && (NXT(mark+3) == '>'))) {
35-	    return mark;
36+	    ctxt->checkIndex = 0;
37+	    break;
38+	}
39+	offset = (NXT(mark+2) == '!') ? 3 : 2;
40+	if (mark + offset >= ctxt->input->end - ctxt->input->cur) {
41+	    ctxt->checkIndex = mark;
42+	    return(-1);
43 	}
44 	ctxt->checkIndex = cur + mark + 1;
45     }
46@@ -5949,6 +5957,8 @@ htmlParseTryOrFinish(htmlParserCtxtPtr ctxt, int terminate) {
47 			break;
48 		    }
49 		} else {
50+		    if ((cur == '<') && (next == '!') && (avail < 4))
51+			goto done;
52 		    /*
53 		     * Sometimes DOCTYPE arrives in the middle of the document
54 		     */
55@@ -5984,8 +5994,6 @@ htmlParseTryOrFinish(htmlParserCtxtPtr ctxt, int terminate) {
56 #endif
57 			htmlParsePI(ctxt);
58 			ctxt->instate = XML_PARSER_CONTENT;
59-		    } else if ((cur == '<') && (next == '!') && (avail < 4)) {
60-			goto done;
61 		    } else if ((cur == '<') && (next == '/')) {
62 			ctxt->instate = XML_PARSER_END_TAG;
63 			ctxt->checkIndex = 0;
64-- 
652.27.0
66
67