Codebase list tinyxml / 38db99c
Import fix for CVE-2021-42260. Felix Geyer 2 years ago
3 changed file(s) with 31 addition(s) and 0 deletion(s). Raw diff Collapse all Expand all
+7
-0
debian/changelog less more
0 tinyxml (2.6.2-6) UNRELEASED; urgency=medium
1
2 * Import fix for CVE-2021-42260.
3 - Add CVE-2021-42260.patch
4
5 -- Felix Geyer <fgeyer@debian.org> Sun, 12 Dec 2021 23:49:05 +0100
6
07 tinyxml (2.6.2-5) unstable; urgency=medium
18
29 [ Felix Geyer ]
+23
-0
debian/patches/CVE-2021-42260.patch less more
0 Description: In stamp always advance the pointer if *p= 0xef
1 .
2 The current implementation only advanced if 0xef is followed
3 by two non-zero bytes. In case of malformed input (0xef should be
4 the start byte of a three byte character) this leads to an infinite
5 loop. (CVE-2021-42260)
6 Origin: https://sourceforge.net/p/tinyxml/git/merge-requests/1/
7
8 --- a/tinyxmlparser.cpp
9 +++ b/tinyxmlparser.cpp
10 @@ -274,6 +274,12 @@ void TiXmlParsingData::Stamp( const char* now, TiXmlEncoding encoding )
11 else
12 { p +=3; ++col; } // A normal character.
13 }
14 + else
15 + {
16 + // TIXML_UTF_LEAD_0 (239) is the start character of a 3 byte sequence, so
17 + // there is something wrong here. Just advance the pointer to evade infinite loops
18 + ++p;
19 + }
20 }
21 else
22 {
+1
-0
debian/patches/series less more
00 enforce-use-stl.patch
11 entity-encoding.patch
2 CVE-2021-42260.patch