Package: libxml-parser-perl Version: 2.34-4.1 Severity: normal Tags: patch Hi,
Attached is the diff for my libxml-parser-perl 2.34-4.2 NMU.
diff -Nru /tmp/uaIhTE9rkI/libxml-parser-perl-2.34/debian/changelog /tmp/Lnxjq35k7R/libxml-parser-perl-2.34/debian/changelog
--- /tmp/uaIhTE9rkI/libxml-parser-perl-2.34/debian/changelog 2006-09-16 12:22:57.000000000 +0200
+++ /tmp/Lnxjq35k7R/libxml-parser-perl-2.34/debian/changelog 2006-09-16 12:22:57.000000000 +0200
@@ -1,3 +1,11 @@
+libxml-parser-perl (2.34-4.2) unstable; urgency=medium + + * Non-maintainer upload. + * Fix buffer overflow when reading UTF-8 data; patch from Joris van + Rantwijk. (Closes: #378411) + + -- Steinar H. Gunderson <[EMAIL PROTECTED]> Fri, 15 Sep 2006 21:56:47 +0200 + libxml-parser-perl (2.34-4.1) unstable; urgency=high * NMU.
diff -Nru /tmp/uaIhTE9rkI/libxml-parser-perl-2.34/Expat/Expat.xs /tmp/Lnxjq35k7R/libxml-parser-perl-2.34/Expat/Expat.xs
--- /tmp/uaIhTE9rkI/libxml-parser-perl-2.34/Expat/Expat.xs 2006-09-16 12:22:57.000000000 +0200
+++ /tmp/Lnxjq35k7R/libxml-parser-perl-2.34/Expat/Expat.xs 2006-09-16 12:22:57.000000000 +0200
@@ -291,7 +291,6 @@
 char * linebuff; STRLEN lblen; STRLEN br = 0; - int buffsize; int done = 0; int ret = 1; char * msg = NULL;
@@ -336,33 +335,27 @@
 } PUTBACK ; - buffsize = lblen; done = lblen == 0; } else { tbuff = newSV(0); tsiz = newSViv(BUFSIZE); - buffsize = BUFSIZE; } while (! done) { - char *buffer = XML_GetBuffer(parser, buffsize); - - if (! buffer) - croak("Ran out of memory for input buffer"); + char *buffer, *tb; SAVETMPS; if (cbv->delim) { - Copy(linebuff, buffer, lblen, char); + tb = linebuff; br = lblen; done = 1; } else { int cnt; SV * rdres; - char * tb; PUSHMARK(SP); EXTEND(SP, 3);
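Review bot: `char *buffer, *tb;` in the `@@ -336,33 +335,27 @@` hunk declares both pointers without an initialiser, and `tb` is now read by the `Copy` that the next hunk places after the if/else, not inside the branch that set it. The delimiter branch assigns it here (`tb = linebuff;`) and the stream branch assigns it through `SvPV` in the following hunk, so nothing is wrong today. Declaring it as `char *buffer = NULL, *tb = NULL;` would stop a later edit that adds a path without an assignment from copying out of an indeterminate pointer. The enclosing function starts before this hunk and continues past it.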
@@ -384,14 +377,22 @@
 croak("read error"); tb = SvPV(tbuff, br); - if (br > 0) - Copy(tb, buffer, br, char); - else + /* br == number of bytes read from stream + Note that it is possible that br > BUFSIZE if the input stream + is decoding a non-ASCII source. */ + if (br <= 0) done = 1; PUTBACK ; } + buffer = XML_GetBuffer(parser, br); + if (! buffer) + croak("Ran out of memory for input buffer"); + + if (br > 0) + Copy(tb, buffer, br, char); + ret = XML_ParseBuffer(parser, br, done); SPAGAIN; /* resync local SP in case callbacks changed global stack */
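Review bot: `br` is a `STRLEN` (declared in the first Expat.xs hunk), but `XML_GetBuffer` and `XML_ParseBuffer` take the length as `int` while `Copy(tb, buffer, br, char)` uses the full unsigned value, so a chunk larger than INT_MAX would request a buffer with a truncated length and then copy the untruncated length into it. The new comment establishes that `br` is no longer bounded by BUFSIZE, and in the delimiter path it is the whole line length, so a guard before the allocation such as `if (br > INT_MAX) croak("input chunk too large for parser buffer");` would close that gap. Because `br` is unsigned, `if (br <= 0)` can only mean `br == 0` and would read more clearly written that way. It is also worth confirming that `XML_GetBuffer(parser, 0)` returns non-NULL on the very first call for an empty stream, since otherwise empty input would be reported as an out-of-memory error. The enclosing function starts before this hunk and continues past it.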