diff options
Diffstat (limited to 'main/libxml2/CVE-2015-7497.patch')
| -rw-r--r-- | main/libxml2/CVE-2015-7497.patch | 32 |
1 files changed, 0 insertions, 32 deletions
diff --git a/main/libxml2/CVE-2015-7497.patch b/main/libxml2/CVE-2015-7497.patch deleted file mode 100644 index d734c606c8..0000000000 --- a/main/libxml2/CVE-2015-7497.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 6360a31a84efe69d155ed96306b9a931a40beab9 Mon Sep 17 00:00:00 2001 -From: David Drysdale <drysdale@google.com> -Date: Fri, 20 Nov 2015 10:47:12 +0800 -Subject: CVE-2015-7497 Avoid an heap buffer overflow in xmlDictComputeFastQKey - -For https://bugzilla.gnome.org/show_bug.cgi?id=756528 -It was possible to hit a negative offset in the name indexing -used to randomize the dictionary key generation -Reported and fix provided by David Drysdale @ Google ---- - dict.c | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -diff --git a/dict.c b/dict.c -index 5f71d55..8c8f931 100644 ---- a/dict.c -+++ b/dict.c -@@ -486,7 +486,10 @@ xmlDictComputeFastQKey(const xmlChar *prefix, int plen, - value += 30 * (*prefix); - - if (len > 10) { -- value += name[len - (plen + 1 + 1)]; -+ int offset = len - (plen + 1 + 1); -+ if (offset < 0) -+ offset = len - (10 + 1); -+ value += name[offset]; - len = 10; - if (plen > 10) - plen = 10; --- -cgit v0.11.2 - |