diff options
Diffstat (limited to 'dev-libs/tinyxml/files/tinyxml-2.6.2-CVE-2021-42260.patch')
-rw-r--r-- | dev-libs/tinyxml/files/tinyxml-2.6.2-CVE-2021-42260.patch | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/dev-libs/tinyxml/files/tinyxml-2.6.2-CVE-2021-42260.patch b/dev-libs/tinyxml/files/tinyxml-2.6.2-CVE-2021-42260.patch new file mode 100644 index 000000000000..d9eeb45c73b5 --- /dev/null +++ b/dev-libs/tinyxml/files/tinyxml-2.6.2-CVE-2021-42260.patch @@ -0,0 +1,23 @@ +Description: In stamp always advance the pointer if *p= 0xef + . + The current implementation only advanced if 0xef is followed + by two non-zero bytes. In case of malformed input (0xef should be + the start byte of a three byte character) this leads to an infinite + loop. (CVE-2021-42260) +Origin: https://sourceforge.net/p/tinyxml/git/merge-requests/1/ + +--- a/tinyxmlparser.cpp ++++ b/tinyxmlparser.cpp +@@ -274,6 +274,12 @@ void TiXmlParsingData::Stamp( const char* now, TiXmlEncoding encoding ) + else + { p +=3; ++col; } // A normal character. + } ++ else ++ { ++ // TIXML_UTF_LEAD_0 (239) is the start character of a 3 byte sequence, so ++ // there is something wrong here. Just advance the pointer to evade infinite loops ++ ++p; ++ } + } + else + { |