libxml2: fix CVE-2019-20388.

2020-03-22 20:14:47 -07:00 · 2020-03-22 20:14:47 -07:00 · aecd2ee329
commit aecd2ee329
parent c9a07b8b38
2 changed files with 33 additions and 1 deletions
--- a/srcpkgs/libxml2/patches/CVE-2019-20388.patch
+++ b/srcpkgs/libxml2/patches/CVE-2019-20388.patch
@ -0,0 +1,32 @@
+From 6088a74bcf7d0c42e24cff4594d804e1d3c9fbca Mon Sep 17 00:00:00 2001
+From: Zhipeng Xie <xiezhipeng1@huawei.com>
+Date: Tue, 20 Aug 2019 16:33:06 +0800
+Subject: [PATCH] Fix memory leak in xmlSchemaValidateStream
+
+When ctxt->schema is NULL, xmlSchemaSAXPlug->xmlSchemaPreRun
+alloc a new schema for ctxt->schema and set vctxt->xsiAssemble
+to 1. Then xmlSchemaVStart->xmlSchemaPreRun initialize
+vctxt->xsiAssemble to 0 again which cause the alloced schema
+can not be freed anymore.
+
+Found with libFuzzer.
+
+Signed-off-by: Zhipeng Xie <xiezhipeng1@huawei.com>
+---
+ xmlschemas.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/xmlschemas.c b/xmlschemas.c
+index 301c8449..39d92182 100644
+--- xmlschemas.c
+++ xmlschemas.c
+@@ -28090,7 +28090,6 @@ xmlSchemaPreRun(xmlSchemaValidCtxtPtr vctxt) {
+     vctxt->nberrors = 0;
+     vctxt->depth = -1;
+     vctxt->skipDepth = -1;
+-    vctxt->xsiAssemble = 0;
+     vctxt->hasKeyrefs = 0;
+ #ifdef ENABLE_IDC_NODE_TABLES_TEST
+     vctxt->createIDCNodeTables = 1;
+-- 
+2.24.1
--- a/srcpkgs/libxml2/template
+++ b/srcpkgs/libxml2/template
@ -4,7 +4,7 @@
 #
 pkgname=libxml2
 version=2.9.10
-revision=1
+revision=2
 build_style=gnu-configure
 configure_args="--disable-static --with-threads --with-history --with-icu
 --without-python"