author | V3n3RiX <venerix@koprulu.sector> | 2023-08-27 16:00:10 +0100 |
---|---|---|
committer | V3n3RiX <venerix@koprulu.sector> | 2023-08-27 16:00:10 +0100 |
commit | 9f51c386724b9543e88a9c0e1be57d44326f3116 (patch) | |
tree | d351bdf5964a53a79ca2c9cec1123b234cd321ed /dev-libs/tinyxml/files | |
parent | fdfde9fd41778789aaab6711adb9e4cc31c28360 (diff) |
gentoo auto-resync : 27:08:2023 - 16:00:10
Diffstat (limited to 'dev-libs/tinyxml/files')
-rw-r--r-- | dev-libs/tinyxml/files/tinyxml-2.6.2-CVE-2021-42260.patch | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/dev-libs/tinyxml/files/tinyxml-2.6.2-CVE-2021-42260.patch b/dev-libs/tinyxml/files/tinyxml-2.6.2-CVE-2021-42260.patch
new file mode 100644
index 000000000000..d9eeb45c73b5
--- /dev/null
+++ b/dev-libs/tinyxml/files/tinyxml-2.6.2-CVE-2021-42260.patch
@@ -0,0 +1,23 @@
+Description: In stamp always advance the pointer if *p= 0xef
+ .
+ The current implementation only advanced if 0xef is followed
+ by two non-zero bytes. In case of malformed input (0xef should be
+ the start byte of a three byte character) this leads to an infinite
+ loop. (CVE-2021-42260)
+Origin: https://sourceforge.net/p/tinyxml/git/merge-requests/1/
+
+--- a/tinyxmlparser.cpp
++++ b/tinyxmlparser.cpp
+@@ -274,6 +274,12 @@ void TiXmlParsingData::Stamp( const char* now, TiXmlEncoding encoding )
+ else
+ { p +=3; ++col; } // A normal character.
+ }
++ else
++ {
++ // TIXML_UTF_LEAD_0 (239) is the start character of a 3 byte sequence, so
++ // there is something wrong here. Just advance the pointer to evade infinite loops
++ ++p;
++ }
+ }
+ else
+ { |
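Review bot: The added `else` branch in `TiXmlParsingData::Stamp` advances `p` but leaves `col` untouched, while the normal three-byte path just above does `{ p +=3; ++col; }`, so column numbers reported after a truncated 0xef lead byte may lag by one; if that is intended, a comment such as `// malformed lead byte: skipped without counting a column` would say so, otherwise add `++col;` next to `++p;`. The diffstat is limited to `dev-libs/tinyxml/files`, so it is not visible here whether the ebuild actually applies this patch; that is worth confirming, since an unapplied patch file leaves the CVE-2021-42260 infinite loop in the built library. A regression test that stamps a buffer where 0xef is followed by fewer than two non-zero bytes would pin the termination. The body of `Stamp` begins and ends outside the hunk.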