Patches for aports can be sent to this list

1

[alpine-aports] [PATCH] main/libxml2: fix null pointer dereference

Milan P. Stanić
Details
Message ID
<20190225125345.25093-1-mps@arvanta.net>
Sender timestamp
1551099225
DKIM signature
missing
Download raw message
Patch: +40 -2
fixes: #10034
bump pkgrel
---
 main/libxml2/APKBUILD                         |  6 ++--
 .../fix-null-pointer-dereference.patch        | 36 +++++++++++++++++++
 2 files changed, 40 insertions(+), 2 deletions(-)
 create mode 100644 main/libxml2/fix-null-pointer-dereference.patch

diff --git a/main/libxml2/APKBUILD b/main/libxml2/APKBUILD
index 120fab4118..fa7361a4e0 100644
--- a/main/libxml2/APKBUILD
+++ b/main/libxml2/APKBUILD
@@ -2,7 +2,7 @@
 # Maintainer: Carlo Landmeter <clandmeter@gmail.com>
 pkgname=libxml2
 pkgver=2.9.9
-pkgrel=0
+pkgrel=1
 pkgdesc="XML parsing library, version 2"
 url="http://www.xmlsoft.org/"
 arch="all"
@@ -14,6 +14,7 @@ subpackages="$pkgname-dbg $pkgname-doc $pkgname-dev $pkgname-utils
 	py-$pkgname:_py py2-$pkgname:_py py3-$pkgname:_py"
 options="!strip"
 source="http://xmlsoft.org/sources/$pkgname-$pkgver.tar.gz
+	fix-null-pointer-dereference.patch
 	"
 builddir="$srcdir/$pkgname-$pkgver"
 
@@ -108,4 +109,5 @@ utils() {
 	mv "$pkgdir"/usr/bin "$subpkgdir"/usr/
 }
 
-sha512sums="cb7784ba4e72e942614e12e4f83f4ceb275f3d738b30e3b5c1f25edf8e9fa6789e854685974eed95b362049dbf6c8e7357e0327d64c681ed390534ac154e6810  libxml2-2.9.9.tar.gz"
+sha512sums="cb7784ba4e72e942614e12e4f83f4ceb275f3d738b30e3b5c1f25edf8e9fa6789e854685974eed95b362049dbf6c8e7357e0327d64c681ed390534ac154e6810  libxml2-2.9.9.tar.gz
+83074e582cdba8bedff40fc653731ad18ca357bde8f1420e2e8a2a38998b951aebcb73ca5d51859be3b4d9bc1a0308836ca2bb612269edbc61b9dd6ebc7fdb2a  fix-null-pointer-dereference.patch"
diff --git a/main/libxml2/fix-null-pointer-dereference.patch b/main/libxml2/fix-null-pointer-dereference.patch
new file mode 100644
index 0000000000..64e7c58f17
--- /dev/null
+++ b/main/libxml2/fix-null-pointer-dereference.patch
@@ -0,0 +1,36 @@
+From 2c8dc7158a3b7b028454abcb6f162c4da28ed80b Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Mon, 25 Feb 2019 12:00:50 +0100
+Subject: [PATCH] Fix null pointer dereference in xmlTextReaderReadOuterXml
+
+Fix a regression caused by commit 39fbfb4f. If xmlTextReaderReadOuterXml
+is called on a pristine xmlReader, the current node is NULL and must not
+be dereferenced. Move the call to xmlTextReaderExpand to the start of
+the function to make sure that we have a valid node.
+
+Fixes #43.
+---
+ xmlreader.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/xmlreader.c b/xmlreader.c
+index cd1fb5fe..b8e98287 100644
+--- a/xmlreader.c
+@@ -1759,11 +1759,11 @@ xmlTextReaderReadOuterXml(xmlTextReaderPtr reader ATTRIBUTE_UNUSED)
+     xmlBufferPtr buff;
+     xmlDocPtr doc;
+ 
+-    node = reader->node;
+-    doc = node->doc;
+     if (xmlTextReaderExpand(reader) == NULL) {
+         return NULL;
+     }
++    node = reader->node;
++    doc = node->doc;
+     /* XXX: Why is the node copied? */
+ 	if (node->type == XML_DTD_NODE) {
+ 		node = (xmlNodePtr) xmlCopyDtd((xmlDtdPtr) node);
+-- 
+2.18.1
+
-- 
2.20.1



---
Unsubscribe:  alpine-aports+unsubscribe@lists.alpinelinux.org
Help:         alpine-aports+help@lists.alpinelinux.org
---
Natanael Copa
Details
Message ID
<20190225153137.21dacdfa@ncopa-desktop.copa.dup.pw>
In-Reply-To
<20190225125345.25093-1-mps@arvanta.net> (view parent)
Sender timestamp
1551105097
DKIM signature
missing
Download raw message
On Mon, 25 Feb 2019 13:53:45 +0100
Milan P. Stani* <mps@arvanta.net> wrote:

> fixes: #10034
> bump pkgrel
> ---
>  main/libxml2/APKBUILD                         |  6 ++--
>  .../fix-null-pointer-dereference.patch        | 36 +++++++++++++++++++
>  2 files changed, 40 insertions(+), 2 deletions(-)
>  create mode 100644 main/libxml2/fix-null-pointer-dereference.patch

Applied with minor changes in commit message

Thanks!

-nc


---
Unsubscribe:  alpine-aports+unsubscribe@lists.alpinelinux.org
Help:         alpine-aports+help@lists.alpinelinux.org
---