raptor2/0001-CVE-2020-25713-raptor2-malformed-input-file-can-lead.patch
DistroBaker 01ee6f890f Merged update from upstream sources
This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.

Source: https://src.fedoraproject.org/rpms/raptor2.git#7854f39a86c4bf78f17a7df289d5d0ea3da75dac
2021-01-11 12:19:07 +00:00

34 lines
1.2 KiB
Diff

From a549457461874157c8c8e8e8a6e0eec06da4fbd0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolanm@redhat.com>
Date: Tue, 24 Nov 2020 10:30:20 +0000
Subject: [PATCH] CVE-2020-25713 raptor2: malformed input file can lead to a
segfault
due to an out of bounds array access in
raptor_xml_writer_start_element_common
See:
https://bugs.mageia.org/show_bug.cgi?id=27605
https://www.openwall.com/lists/oss-security/2020/11/13/1
https://gerrit.libreoffice.org/c/core/+/106249
---
src/raptor_xml_writer.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/raptor_xml_writer.c b/src/raptor_xml_writer.c
index 56993dc3..4426d38c 100644
--- a/src/raptor_xml_writer.c
+++ b/src/raptor_xml_writer.c
@@ -227,7 +227,7 @@ raptor_xml_writer_start_element_common(raptor_xml_writer* xml_writer,
/* check it wasn't an earlier declaration too */
for(j = 0; j < nspace_declarations_count; j++)
- if(nspace_declarations[j].nspace == element->attributes[j]->nspace) {
+ if(nspace_declarations[j].nspace == element->attributes[i]->nspace) {
declare_me = 0;
break;
}
--
2.28.0