[xml/sgml-pkgs] Bug#387720: diff for 2.34-4.2 NMU

Steinar H. Gunderson sesse at samfundet.no
Sat Sep 16 10:23:01 UTC 2006 

Package: libxml-parser-perl
Version: 2.34-4.1
Severity: normal
Tags: patch

Hi,

Attached is the diff for my libxml-parser-perl 2.34-4.2 NMU.
-------------- next part --------------
diff -Nru /tmp/uaIhTE9rkI/libxml-parser-perl-2.34/debian/changelog /tmp/Lnxjq35k7R/libxml-parser-perl-2.34/debian/changelog
--- /tmp/uaIhTE9rkI/libxml-parser-perl-2.34/debian/changelog	2006-09-16 12:22:57.000000000 +0200
+++ /tmp/Lnxjq35k7R/libxml-parser-perl-2.34/debian/changelog	2006-09-16 12:22:57.000000000 +0200
@@ -1,3 +1,11 @@
+libxml-parser-perl (2.34-4.2) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Fix buffer overflow when reading UTF-8 data; patch from Joris van
+    Rantwijk. (Closes: #378411)
+
+ -- Steinar H. Gunderson <sesse at debian.org>  Fri, 15 Sep 2006 21:56:47 +0200
+
 libxml-parser-perl (2.34-4.1) unstable; urgency=high
 
   * NMU.
diff -Nru /tmp/uaIhTE9rkI/libxml-parser-perl-2.34/Expat/Expat.xs /tmp/Lnxjq35k7R/libxml-parser-perl-2.34/Expat/Expat.xs
--- /tmp/uaIhTE9rkI/libxml-parser-perl-2.34/Expat/Expat.xs	2006-09-16 12:22:57.000000000 +0200
+++ /tmp/Lnxjq35k7R/libxml-parser-perl-2.34/Expat/Expat.xs	2006-09-16 12:22:57.000000000 +0200
@@ -291,7 +291,6 @@
   char *	linebuff;
   STRLEN	lblen;
   STRLEN	br = 0;
-  int		buffsize;
   int		done = 0;
   int		ret = 1;
   char *	msg = NULL;
@@ -336,33 +335,27 @@
     }
 
     PUTBACK ;
-    buffsize = lblen;
     done = lblen == 0;
   }
   else {
     tbuff = newSV(0);
     tsiz = newSViv(BUFSIZE);
-    buffsize = BUFSIZE;
   }
 
   while (! done)
     {
-      char *buffer = XML_GetBuffer(parser, buffsize);
-
-      if (! buffer)
-	croak("Ran out of memory for input buffer");
+      char *buffer, *tb;
 
       SAVETMPS;
 
       if (cbv->delim) {
-	Copy(linebuff, buffer, lblen, char);
+	tb = linebuff;
 	br = lblen;
 	done = 1;
       }
       else {
 	int cnt;
 	SV * rdres;
-	char * tb;
 
 	PUSHMARK(SP);
 	EXTEND(SP, 3);
@@ -384,14 +377,22 @@
 	  croak("read error");
 
 	tb = SvPV(tbuff, br);
-	if (br > 0)
-	  Copy(tb, buffer, br, char);
-	else
+	/* br == number of bytes read from stream
+	   Note that it is possible that br > BUFSIZE if the input stream
+	   is decoding a non-ASCII source. */
+	if (br <= 0)
 	  done = 1;
 
 	PUTBACK ;
       }
 
+      buffer = XML_GetBuffer(parser, br);
+      if (! buffer)
+	croak("Ran out of memory for input buffer");
+
+      if (br > 0)
+        Copy(tb, buffer, br, char);
+
       ret = XML_ParseBuffer(parser, br, done);
 
       SPAGAIN; /* resync local SP in case callbacks changed global stack */

More information about the debian-xml-sgml-pkgs mailing list