Gentoo's Bugzilla – Attachment 412860 Details for Bug 561452
<app-text/htmltidy-20090325-r2 <dev-ruby/tidy-ext-0.1.14-r3: Two Denial of Service Vulnerabilities (CVE-2015-{5522,5523})
[patch] patch issued by tidy-html5 fork
11CVE-2015-5522.patch (text/plain), 1.35 KB, created by Sylvia on 2015-09-25 11:46:12 UTC
>From c18f27a58792f7fbd0b30a0ff50d6b40a82f940d Mon Sep 17 00:00:00 2001 >From: Geoff McLane <ubuntu@geoffair.info> >Date: Wed, 3 Jun 2015 20:26:03 +0200 >Subject: [PATCH] Issue #217 - avoid len going negative, ever... > >--- > src/lexer.c | 8 +++++--- > 1 file changed, 5 insertions(+), 3 deletions(-) > >diff --git a/src/lexer.c b/src/lexer.c >index 376a3d8..664f806 100644 >--- a/src/lexer.c >+++ b/src/lexer.c >@@ -3739,16 +3740,17 @@ static tmbstr ParseValue( TidyDocImpl* doc, ctmbstr name, > /* and prompts attributes unless --literal-attributes is set to yes */ > /* #994841 - Whitespace is removed from value attributes */ > >- if (munge && >+ /* Issue #217 - Also only if/while (len > 0) - MUST NEVER GO NEGATIVE! */ >+ if ((len > 0) && munge && > TY_(tmbstrcasecmp)(name, "alt") && > TY_(tmbstrcasecmp)(name, "title") && > TY_(tmbstrcasecmp)(name, "value") && > TY_(tmbstrcasecmp)(name, "prompt")) > { >- while (TY_(IsWhite)(lexer->lexbuf[start+len-1])) >+ while (TY_(IsWhite)(lexer->lexbuf[start+len-1]) && (len > 0)) > --len; > >- while (TY_(IsWhite)(lexer->lexbuf[start]) && start < len) >+ while (TY_(IsWhite)(lexer->lexbuf[start]) && (start < len) && (len > 0)) > { > ++start; > --len;
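Review bot: in the first trimming loop the new `(len > 0)` test comes after the read of `lexer->lexbuf[start+len-1]`, so once `len` reaches 0 the loop still evaluates `lexbuf[start-1]` before the bound stops it. The decrement is prevented, but the out-of-range read is not. Put the length test first so it short-circuits the access: `while ((len > 0) && TY_(IsWhite)(lexer->lexbuf[start+len-1]))`. The second loop has the same ordering (`lexbuf[start]` is read before `start < len` and `len > 0` are checked) and should be reordered the same way. Separately, `start < len` compares a buffer offset with a remaining length; that condition predates this patch, but it is worth confirming it is the intended bound while this code is being touched. The diffstat also reports 5 insertions while this hunk shows 4 and begins at new line 3740 against old line 3739, so one added line earlier in `src/lexer.c` is not visible in this attachment and should be checked against the upstream commit.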
Attachments on bug 561452: 412860 | 438954