Bug#387720: diff for 2.34-4.2 NMU

Steinar H. Gunderson Sat, 16 Sep 2006 03:39:03 -0700

Package: libxml-parser-perl
Version: 2.34-4.1
Severity: normal
Tags: patch

Hi,


Attached is the diff for my libxml-parser-perl 2.34-4.2 NMU.

diff -Nru /tmp/uaIhTE9rkI/libxml-parser-perl-2.34/debian/changelog 
/tmp/Lnxjq35k7R/libxml-parser-perl-2.34/debian/changelog
--- /tmp/uaIhTE9rkI/libxml-parser-perl-2.34/debian/changelog    2006-09-16 
12:22:57.000000000 +0200
+++ /tmp/Lnxjq35k7R/libxml-parser-perl-2.34/debian/changelog    2006-09-16 
12:22:57.000000000 +0200
@@ -1,3 +1,11 @@
+libxml-parser-perl (2.34-4.2) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Fix buffer overflow when reading UTF-8 data; patch from Joris van
+    Rantwijk. (Closes: #378411)
+
+ -- Steinar H. Gunderson <[EMAIL PROTECTED]>  Fri, 15 Sep 2006 21:56:47 +0200
+
 libxml-parser-perl (2.34-4.1) unstable; urgency=high
 
   * NMU.
diff -Nru /tmp/uaIhTE9rkI/libxml-parser-perl-2.34/Expat/Expat.xs 
/tmp/Lnxjq35k7R/libxml-parser-perl-2.34/Expat/Expat.xs
--- /tmp/uaIhTE9rkI/libxml-parser-perl-2.34/Expat/Expat.xs      2006-09-16 
12:22:57.000000000 +0200
+++ /tmp/Lnxjq35k7R/libxml-parser-perl-2.34/Expat/Expat.xs      2006-09-16 
12:22:57.000000000 +0200
@@ -291,7 +291,6 @@
   char *       linebuff;
   STRLEN       lblen;
   STRLEN       br = 0;
-  int          buffsize;
   int          done = 0;
   int          ret = 1;
   char *       msg = NULL;
@@ -336,33 +335,27 @@
     }
 
     PUTBACK ;
-    buffsize = lblen;
     done = lblen == 0;
   }
   else {
     tbuff = newSV(0);
     tsiz = newSViv(BUFSIZE);
-    buffsize = BUFSIZE;
   }
 
   while (! done)
     {
-      char *buffer = XML_GetBuffer(parser, buffsize);
-
-      if (! buffer)
-       croak("Ran out of memory for input buffer");
+      char *buffer, *tb;
 
       SAVETMPS;
 
       if (cbv->delim) {
-       Copy(linebuff, buffer, lblen, char);
+       tb = linebuff;
        br = lblen;
        done = 1;
       }
       else {
        int cnt;
        SV * rdres;
-       char * tb;
 
        PUSHMARK(SP);
        EXTEND(SP, 3);
@@ -384,14 +377,22 @@
          croak("read error");
 
        tb = SvPV(tbuff, br);
-       if (br > 0)
-         Copy(tb, buffer, br, char);
-       else
+       /* br == number of bytes read from stream
+          Note that it is possible that br > BUFSIZE if the input stream
+          is decoding a non-ASCII source. */
+       if (br <= 0)
          done = 1;
 
        PUTBACK ;
       }
 
+      buffer = XML_GetBuffer(parser, br);
+      if (! buffer)
+       croak("Ran out of memory for input buffer");
+
+      if (br > 0)
+        Copy(tb, buffer, br, char);
+
       ret = XML_ParseBuffer(parser, br, done);
 
       SPAGAIN; /* resync local SP in case callbacks changed global stack */

Bug#387720: diff for 2.34-4.2 NMU

Reply via email to