153aa9179Sopenharmony_ciFrom 8090e5856465c0b8e26e2a080f4b498f37fa83ab Mon Sep 17 00:00:00 2001
253aa9179Sopenharmony_ciFrom: Nick Wellnhofer <wellnhofer@aevum.de>
353aa9179Sopenharmony_ciDate: Fri, 17 Mar 2023 12:27:07 +0100
453aa9179Sopenharmony_ciSubject: [PATCH] malloc-fail: Fix buffer overread in htmlParseScript
553aa9179Sopenharmony_ci
653aa9179Sopenharmony_ciFound by OSS-Fuzz, see #344.
753aa9179Sopenharmony_ci
853aa9179Sopenharmony_ciReference:https://github.com/GNOME/libxml2/commit/8090e5856465c0b8e26e2a080f4b498f37fa83ab
953aa9179Sopenharmony_ciConflict:NA
1053aa9179Sopenharmony_ci
1153aa9179Sopenharmony_ci---
1253aa9179Sopenharmony_ci HTMLparser.c | 2 +-
1353aa9179Sopenharmony_ci 1 file changed, 1 insertion(+), 1 deletion(-)
1453aa9179Sopenharmony_ci
1553aa9179Sopenharmony_cidiff --git a/HTMLparser.c b/HTMLparser.c
1653aa9179Sopenharmony_ciindex 6c8f180..3682807 100644
1753aa9179Sopenharmony_ci--- a/HTMLparser.c
1853aa9179Sopenharmony_ci+++ b/HTMLparser.c
1953aa9179Sopenharmony_ci@@ -3145,8 +3145,8 @@ htmlParseScript(htmlParserCtxtPtr ctxt) {
2053aa9179Sopenharmony_ci }
2153aa9179Sopenharmony_ci nbchar = 0;
2253aa9179Sopenharmony_ci }
2353aa9179Sopenharmony_ci- GROW;
2453aa9179Sopenharmony_ci NEXTL(l);
2553aa9179Sopenharmony_ci+ GROW;
2653aa9179Sopenharmony_ci cur = CUR_CHAR(l);
2753aa9179Sopenharmony_ci }
2853aa9179Sopenharmony_ci
2953aa9179Sopenharmony_ci--
3053aa9179Sopenharmony_ci2.27.0
3153aa9179Sopenharmony_ci
32
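Review bot: The reason `GROW` now has to follow `NEXTL(l)` at the tail of the loop in htmlParseScript is not recorded in the code, so a later tidy-up could swap the two lines back and reintroduce the overread named in the subject. Presumably a failed allocation inside GROW can leave the input buffer shorter than the `l` bytes NEXTL is about to skip, whereas growing after the advance lets `CUR_CHAR(l)` read from the buffer as it currently stands; that is inferred from the "malloc-fail" title, not shown in the hunk. I would add a comment above the macro, for example `/* GROW after NEXTL: a failed grow may replace the input buffer, so never advance by a stale length */`. The loop and the function begin and end outside the hunk, so whether other GROW/NEXTL pairs in HTMLparser.c keep the old order cannot be checked from here.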