fix for CVE-2008-4226, a memory overflow when building gigantic text * SAX2.c parser.c: fix for CVE-2008-4226, a memory overflow when building gigantic text nodes, and a bit of cleanup to better handled out of memory problem in that code. * tree.c: fix for CVE-2008-4225, lack of testing leads to a busy loop test assuming one have enough core memory. Daniel svn path=/trunk/; revision=3803

commit: 1dc9feb00fd3bce5967304dcb388ea3ba7e964e6 [log] [tgz]
author: Daniel Veillard <veillard@src.gnome.org> Mon Nov 17 15:59:21 2008 +0000
committer: Daniel Veillard <veillard@src.gnome.org> Mon Nov 17 15:59:21 2008 +0000
tree: 3843278e61595bec1a5483f0e90bb75587671341
parent: 6b09901479303d1df1500d70194e39e74e6eb131 [diff] [blame]
diff --git a/parser.c b/parser.c
index 4b7b758..c52d360 100644
--- a/parser.c
+++ b/parser.c

@@ -4142,6 +4142,9 @@
                     line = ctxt->input->line;
                     col = ctxt->input->col;
 		}
+                /* something really bad happened in the SAX callback */
+                if (ctxt->instate != XML_PARSER_CONTENT)
+                    return;
 	    }
 	    ctxt->input->cur = in;
 	    if (*in == 0xD) {
@@ -4222,6 +4225,9 @@
 		}
 	    }
 	    nbchar = 0;
+            /* something really bad happened in the SAX callback */
+            if (ctxt->instate != XML_PARSER_CONTENT)
+                return;
 	}
 	count++;
 	if (count > 50) {
commit	1dc9feb00fd3bce5967304dcb388ea3ba7e964e6	[log] [tgz]
author	Daniel Veillard <veillard@src.gnome.org>	Mon Nov 17 15:59:21 2008 +0000
committer	Daniel Veillard <veillard@src.gnome.org>	Mon Nov 17 15:59:21 2008 +0000
tree	3843278e61595bec1a5483f0e90bb75587671341
parent	6b09901479303d1df1500d70194e39e74e6eb131 [diff] [blame]