153aa9179Sopenharmony_ciFrom d1b87856931797c5c527cee16d96e482a45b99ed Mon Sep 17 00:00:00 2001
253aa9179Sopenharmony_ciFrom: Nick Wellnhofer <wellnhofer@aevum.de>
353aa9179Sopenharmony_ciDate: Sun, 22 Jan 2023 17:42:09 +0100
453aa9179Sopenharmony_ciSubject: [PATCH] malloc-fail: Fix infinite loop in xmlParseTextDecl
553aa9179Sopenharmony_ci
653aa9179Sopenharmony_ciMemory errors can set `instate` to `XML_PARSER_EOF` which results in
753aa9179Sopenharmony_ci`NEXT` making no progress.
853aa9179Sopenharmony_ci
953aa9179Sopenharmony_ciFound with libFuzzer, see #344.
1053aa9179Sopenharmony_ci
1153aa9179Sopenharmony_ciReference:https://github.com/GNOME/libxml2/commit/d1b87856931797c5c527cee16d96e482a45b99ed
1253aa9179Sopenharmony_ciConflict:NA
1353aa9179Sopenharmony_ci---
1453aa9179Sopenharmony_ci parser.c | 2 ++
1553aa9179Sopenharmony_ci 1 file changed, 2 insertions(+)
1653aa9179Sopenharmony_ci
1753aa9179Sopenharmony_cidiff --git a/parser.c b/parser.c
1853aa9179Sopenharmony_ciindex 9127deb..fafae15 100644
1953aa9179Sopenharmony_ci--- a/parser.c
2053aa9179Sopenharmony_ci+++ b/parser.c
2153aa9179Sopenharmony_ci@@ -6957,6 +6957,8 @@ xmlParseTextDecl(xmlParserCtxtPtr ctxt) {
2253aa9179Sopenharmony_ci      * We must have the encoding declaration
2353aa9179Sopenharmony_ci      */
2453aa9179Sopenharmony_ci     encoding = xmlParseEncodingDecl(ctxt);
2553aa9179Sopenharmony_ci+    if (ctxt->instate == XML_PARSER_EOF)
2653aa9179Sopenharmony_ci+        return;
2753aa9179Sopenharmony_ci     if (ctxt->errNo == XML_ERR_UNSUPPORTED_ENCODING) {
2853aa9179Sopenharmony_ci 	/*
2953aa9179Sopenharmony_ci 	 * The XML REC instructs us to stop parsing right here
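Review bot: The added early return has no comment explaining why `instate` is inspected right after `xmlParseEncodingDecl`, so a later reader may fold it into the `errNo` check below or move it; I would add `/* A memory error sets instate to XML_PARSER_EOF, after which NEXT makes no progress; bail out here or the loop below never terminates. */` above the new `if`. The enclosing `xmlParseTextDecl` starts and continues outside this hunk, so it is not visible whether the other sub-parser it calls earlier (the version declaration, by the function's usual shape) gets the same guard; if it does not, the same malloc-failure path presumably remains reachable there and is worth checking in the same commit. Note also that the new check deliberately precedes the `XML_ERR_UNSUPPORTED_ENCODING` branch, so that diagnostic is skipped on an EOF state — reasonable if the allocation failure was already reported, but worth stating in the comment.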
3053aa9179Sopenharmony_ci-- 
3153aa9179Sopenharmony_ci2.27.0
3253aa9179Sopenharmony_ci