mozjs128/mozjs128-CVE-2024-45490-part01-5c1a3164.patch

From 5c1a31642e243f4870c0bd1f2afc7597976521bf Mon Sep 17 00:00:00 2001
From: Sebastian Pipping <sebastian@pipping.org>
Date: Mon, 19 Aug 2024 22:26:07 +0200
Subject: [PATCH] lib: Reject negative len for XML_ParseBuffer
References: CVE-2024-45490
References: bsc#1230036
Upstream: Backport from upstream

Reported by TaiYou
---
 expat/lib/xmlparse.c | 6 ++++++
 1 file changed, 6 insertions(+)

--- firefox-128.2.0/parser/expat/lib/xmlparse.c
+++ firefox-128.2.0_new/parser/expat/lib/xmlparse.c
@@ -1978,6 +1978,12 @@

   if (parser == NULL)
     return XML_STATUS_ERROR;
+
+  if (len < 0) {
+    parser->m_errorCode = XML_ERROR_INVALID_ARGUMENT;
+    return XML_STATUS_ERROR;
+  }
+
   switch (ps_parsing) {
   case XML_SUSPENDED:
     errorCode = XML_ERROR_SUSPENDED;
Sync from SUSE:SLFO:Main mozjs128 revision bd2739d04598be6724dba1a7c20d1d1c 2024-11-12 12:30:48 +01:00			`From 5c1a31642e243f4870c0bd1f2afc7597976521bf Mon Sep 17 00:00:00 2001`
			`From: Sebastian Pipping <sebastian@pipping.org>`
			`Date: Mon, 19 Aug 2024 22:26:07 +0200`
			`Subject: [PATCH] lib: Reject negative len for XML_ParseBuffer`
			`References: CVE-2024-45490`
			`References: bsc#1230036`
			`Upstream: Backport from upstream`

			`Reported by TaiYou`
			`---`
			`expat/lib/xmlparse.c \| 6 ++++++`
			`1 file changed, 6 insertions(+)`

			`--- firefox-128.2.0/parser/expat/lib/xmlparse.c`
			`+++ firefox-128.2.0_new/parser/expat/lib/xmlparse.c`
			`@@ -1978,6 +1978,12 @@`

			`if (parser == NULL)`
			`return XML_STATUS_ERROR;`
			`+`
			`+ if (len < 0) {`
			`+ parser->m_errorCode = XML_ERROR_INVALID_ARGUMENT;`
			`+ return XML_STATUS_ERROR;`
			`+ }`
			`+`
			`switch (ps_parsing) {`
			`case XML_SUSPENDED:`
			`errorCode = XML_ERROR_SUSPENDED;`