From 04f8b06b024193eb1473458b92dac16809c29e08 Mon Sep 17 00:00:00 2001
From: Sona Sarmadi <sona.sarmadi@enea.com>
Date: Wed, 24 Feb 2016 09:07:43 +0100
Subject: libxml2: CVE-2015-8242

Fixes buffer overread with HTML parser in push mode in xmlSAX2TextNode [NEEDINFO].

Reference:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8242

Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Tudor Florea <tudor.florea@enea.com>
---
 ...2015-8242-Buffer-overead-with-HTML-parser.patch | 49 ++++++++++++++++++++++
 1 file changed, 49 insertions(+)
 create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2015-8242-Buffer-overead-with-HTML-parser.patch

(limited to 'meta/recipes-core/libxml/libxml2/CVE-2015-8242-Buffer-overead-with-HTML-parser.patch')

diff --git a/meta/recipes-core/libxml/libxml2/CVE-2015-8242-Buffer-overead-with-HTML-parser.patch b/meta/recipes-core/libxml/libxml2/CVE-2015-8242-Buffer-overead-with-HTML-parser.patch
new file mode 100644
index 0000000000..73531b3c1d
--- /dev/null
+++ b/meta/recipes-core/libxml/libxml2/CVE-2015-8242-Buffer-overead-with-HTML-parser.patch
@@ -0,0 +1,49 @@
+From 8fb4a770075628d6441fb17a1e435100e2f3b1a2 Mon Sep 17 00:00:00 2001
+From: Hugh Davenport <hugh@allthethings.co.nz>
+Date: Fri, 20 Nov 2015 17:16:06 +0800
+Subject: [PATCH] CVE-2015-8242 Buffer overead with HTML parser in push mode
+
+For https://bugzilla.gnome.org/show_bug.cgi?id=756372
+Error in the code pointing to the codepoint in the stack for the
+current char value instead of the pointer in the input that the SAX
+callback expects
+Reported and fixed by Hugh Davenport
+
+Upstream-Status: Backport
+
+CVE-2015-8242
+
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ HTMLparser.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/HTMLparser.c b/HTMLparser.c
+index bdf7807..b729197 100644
+--- a/HTMLparser.c
++++ b/HTMLparser.c
+@@ -5735,17 +5735,17 @@ htmlParseTryOrFinish(htmlParserCtxtPtr ctxt, int terminate) {
+ 				if (ctxt->keepBlanks) {
+ 				    if (ctxt->sax->characters != NULL)
+ 					ctxt->sax->characters(
+-						ctxt->userData, &cur, 1);
++						ctxt->userData, &in->cur[0], 1);
+ 				} else {
+ 				    if (ctxt->sax->ignorableWhitespace != NULL)
+ 					ctxt->sax->ignorableWhitespace(
+-						ctxt->userData, &cur, 1);
++						ctxt->userData, &in->cur[0], 1);
+ 				}
+ 			    } else {
+ 				htmlCheckParagraph(ctxt);
+ 				if (ctxt->sax->characters != NULL)
+ 				    ctxt->sax->characters(
+-					    ctxt->userData, &cur, 1);
++					    ctxt->userData, &in->cur[0], 1);
+ 			    }
+ 			}
+ 			ctxt->token = 0;
+-- 
+2.3.5
+
-- 
cgit v1.2.3-54-g00ecf