On Mon, Sep 15, 2008 at 08:55:10AM -0700, Kees Cook wrote:
> As far as I know, this patch matches the upstream changes for the
> problem. Please see:
>
> https://bugzilla.redhat.com/show_bug.cgi?id=460396
Actually there are differences between upstream and ubuntu changes:
(a is ubuntu, b is upstream)
diff -u a/parser.c b/parser.c
--- a/parser.c
+++ b/parser.c
@@ -2390,7 +2390,6 @@
*/
#define growBuffer(buffer) { \
xmlChar *tmp; \
- buffer##_size += XML_PARSER_BUFFER_SIZE ; \
buffer##_size *= 2;
\
tmp = (xmlChar *) \
xmlRealloc(buffer, buffer##_size * sizeof(xmlChar)); \
@@ -3451,7 +3450,7 @@
* Just output the reference
*/
buf[len++] = '&';
- while (len > buf_size - i - 10) {
+ if (len > buf_size - i - 10) {
growBuffer(buf);
}
for (;i > 0;i--)
@@ -6476,8 +6475,6 @@
} else if (list != NULL) {
xmlFreeNodeList(list);
list = NULL;
- } else if (ent->owner != 1) {
- ctxt->nbentities += ent->owner;
}
}
ent->checked = 1;
@@ -6668,6 +6665,8 @@
ctxt->nodelen = 0;
return;
}
+ } else if (ent->owner != 1) {
+ ctxt->nbentities += ent->owner;
}
} else {
val = ent->content;
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
