rouault opened a new pull request #47: URL: https://github.com/apache/xerces-c/pull/47
The fix consists in adding a new argument to pushReader() to specify if ReaderMgr must own the passed entity, and adapt callers to specify the right value of this ownership flag depending on the calling context.

SPDX-FileCopyrightText: Portions Copyright 2021 Siemens

Modified on 15-Jul-2021 by Siemens and/or its affiliates to fix CVE-2018-1311: Apache Xerces-C use-after-free vulnerability scanning external DTD. Copyright 2021 Siemens.

Co-authored-by: Even Rouault <even.roua...@spatialys.com>

Supersedes https://github.com/apache/xerces-c/pull/46 (avoids the memory leak in the unit tests)

@johnjamesmccann Do you have access to a reproducer to confirm it fixes the issue? I couldn't easily find a reproducer.

--
This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.

To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org

For queries about this service, please contact Infrastructure at: us...@infra.apache.org
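
The ownership flag described in the pull request, sketched as an added example that is not code from the pull request or from Xerces-C. `Entity`, the reduced `ReaderMgr` and the parameter name `adoptEntity` are assumptions that model only the ownership decision, not the real parser.

```cpp
#include <memory>
#include <stdexcept>
#include <vector>

// Simplified model (assumption): counts live entities so ownership is observable.
struct Entity {
    static int live;
    Entity()  { ++live; }
    ~Entity() { --live; }
};
int Entity::live = 0;

class ReaderMgr {
    struct Slot { Entity* entity; bool owned; };
    std::vector<Slot> stack_;
public:
    ReaderMgr() = default;
    ReaderMgr(const ReaderMgr&) = delete;
    ReaderMgr& operator=(const ReaderMgr&) = delete;
    ~ReaderMgr() { while (popReader()) {} }

    // adoptEntity == true : the manager deletes the entity when it is popped.
    // adoptEntity == false: the caller keeps ownership, the manager only borrows.
    void pushReader(Entity* entity, bool adoptEntity) {
        stack_.push_back({entity, adoptEntity});
    }
    bool popReader() {
        if (stack_.empty()) return false;
        Slot s = stack_.back();
        stack_.pop_back();
        if (s.owned) delete s.entity;   // freed here and nowhere else
        return true;
    }
};

// Entity created only for this scan: ownership moves to the manager, so a
// failure on the caller's side cannot free it while it is still on the stack.
bool scanWithAdoptedEntity() {
    try {
        ReaderMgr mgr;
        mgr.pushReader(new Entity, /*adoptEntity=*/true);
        throw std::runtime_error("constructed scan failure");
    } catch (const std::runtime_error&) {}
    return Entity::live == 0;           // released once, during unwinding
}

// Entity that lives in a caller-side pool: the manager must not delete it.
int scanWithBorrowedEntity() {
    auto pooled = std::make_unique<Entity>();
    { ReaderMgr mgr; mgr.pushReader(pooled.get(), /*adoptEntity=*/false); }
    return Entity::live;                // pool still holds one live entity
}
```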