Bug#1104789: libhtml-gumbo-perl: erratic behavior on the unsupported template HTML element - GUMBO_NODE_TEMPLATE node type

Niko Tyni ntyni at debian.org
Sat May 17 10:57:23 BST 2025


Control: tag -1 patch

On Tue, May 06, 2025 at 03:48:52PM +0200, Vincent Lefevre wrote:
> Package: libhtml-gumbo-perl
> Version: 0.18-4+b1
> Severity: serious
> Tags: security upstream
> Justification: security
> Forwarded: https://github.com/ruz/HTML-Gumbo/issues/6
> X-Debbugs-Cc: Debian Security Team <team at security.debian.org>
> 
> I get erratic behavior on the template HTML element, e.g. on
> the HTML file "<template>". For instance:

> ==64955== Command: perl -C -MHTML::Gumbo -e print\ HTML::Gumbo-\>new-\>parse('\<template\>',\ format\ =\>\ 'string');
> ==64955==
> ==64955== Conditional jump or move depends on uninitialised value(s)
> ==64955==    at 0x484DC89: strlen (vg_replace_strmem.c:505)
> ==64955==    by 0x2AD7DF: ??? (in /usr/bin/perl)
> ==64955==    by 0x486D6CE: tree_to_string (Gumbo.xs:189)
> ==64955==    by 0x486E2C4: walk_tree.isra.0 (Gumbo.xs:55)
> ==64955==    by 0x486E2C4: walk_tree.isra.0 (Gumbo.xs:55)
> ==64955==    by 0x486E2C4: walk_tree.isra.0 (Gumbo.xs:55)
> ==64955==    by 0x486E41B: parse_to_string_cb (Gumbo.xs:505)

The attached change does not make HTML::Gumbo support <template>
properly but seems to plug this specific hole, and hence the
known security aspects.

I've checked that this doesn't break the (not very extensive) test
suite, and that the only reverse dependency in trixie, request-tracker5,
still builds with this.

Tentatively tagging 'patch', but eyeballs would be good.

I think full support for <template> should be a separate wishlist bug.
-- 
Niko Tyni ntyni at debian.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Fix-wrong-code-path-with-GUMBO_NODE_TEMPLATE.patch
Type: text/x-diff
Size: 1977 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-perl-maintainers/attachments/20250517/0ecd65b3/attachment-0001.patch>


More information about the pkg-perl-maintainers mailing list