1From 0ec9c91064a58ce2932498a55ae63a85f43975f5 Mon Sep 17 00:00:00 2001
2From: Nick Wellnhofer <wellnhofer@aevum.de>
3Date: Thu, 16 Feb 2023 14:57:24 +0100
4Subject: [PATCH] malloc-fail: Fix infinite loop in htmlParseStartTag
5
6Found with libFuzzer, see #344.
7
8Reference:https://github.com/GNOME/libxml2/commit/0ec9c91064a58ce2932498a55ae63a85f43975f5
9Conflict:NA
10---
11 HTMLparser.c | 3 ++-
12 1 file changed, 2 insertions(+), 1 deletion(-)
13
14diff --git a/HTMLparser.c b/HTMLparser.c
15index f90053a..ca551d9 100644
16--- a/HTMLparser.c
17+++ b/HTMLparser.c
18@@ -4087,7 +4087,8 @@ htmlParseStartTag(htmlParserCtxtPtr ctxt) {
19 * the end of the tag. */
20 while ((CUR != 0) &&
21 !(IS_BLANK_CH(CUR)) && (CUR != '>') &&
22- ((CUR != '/') || (NXT(1) != '>')))
23+ ((CUR != '/') || (NXT(1) != '>')) &&
24+ (ctxt->instate != XML_PARSER_EOF))
25 NEXT;
26 }
27
28--
292.27.0
30
31
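Review bot: The new `ctxt->instate != XML_PARSER_EOF` guard deserves a comment in the hunk, since a reader will assume `CUR != 0` already terminates this skip loop; something like `/* NEXT stops advancing once instate is XML_PARSER_EOF (e.g. after a memory error), so check it here or the loop never terminates. */` placed above the `while`. It is also worth confirming that the code following the loop in htmlParseStartTag, which lies outside this hunk, bails out when instate is XML_PARSER_EOF instead of continuing to parse the tag on a halted context, because the loop now exits with CUR unchanged. Other `while (CUR ...) NEXT;` skip loops in this file presumably have the same exposure to a stalled NEXT and could be audited for the same check.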