mirror of
https://git.FreeBSD.org/ports.git
synced 2025-01-26 09:46:09 +00:00
1a424bcd31
The sample file in the upstream bug report from the PR causes a bus error in PORTREVISION 16, and returns an error (as I suppose it should) now. PR: 251102 Reported by: pi Obtained from: upstream
34 lines
1.2 KiB
Plaintext
34 lines
1.2 KiB
Plaintext
From a549457461874157c8c8e8e8a6e0eec06da4fbd0 Mon Sep 17 00:00:00 2001
|
|
From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolanm@redhat.com>
|
|
Date: Tue, 24 Nov 2020 10:30:20 +0000
|
|
Subject: [PATCH] CVE-2020-25713 raptor2: malformed input file can lead to a
|
|
segfault
|
|
|
|
due to an out of bounds array access in
|
|
raptor_xml_writer_start_element_common
|
|
|
|
See:
|
|
https://bugs.mageia.org/show_bug.cgi?id=27605
|
|
https://www.openwall.com/lists/oss-security/2020/11/13/1
|
|
https://gerrit.libreoffice.org/c/core/+/106249
|
|
---
|
|
src/raptor_xml_writer.c | 2 +-
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
|
diff --git a/src/raptor_xml_writer.c b/src/raptor_xml_writer.c
|
|
index 56993dc3..4426d38c 100644
|
|
--- src/raptor_xml_writer.c
|
|
+++ src/raptor_xml_writer.c
|
|
@@ -227,7 +227,7 @@ raptor_xml_writer_start_element_common(raptor_xml_writer* xml_writer,
|
|
|
|
/* check it wasn't an earlier declaration too */
|
|
for(j = 0; j < nspace_declarations_count; j++)
|
|
- if(nspace_declarations[j].nspace == element->attributes[j]->nspace) {
|
|
+ if(nspace_declarations[j].nspace == element->attributes[i]->nspace) {
|
|
declare_me = 0;
|
|
break;
|
|
}
|
|
--
|
|
2.28.0
|
|
|