mozjs128/mozjs128-CVE-2024-45490-part01-5c1a3164.patch

29 lines
769 B
Diff

From 5c1a31642e243f4870c0bd1f2afc7597976521bf Mon Sep 17 00:00:00 2001
From: Sebastian Pipping <sebastian@pipping.org>
Date: Mon, 19 Aug 2024 22:26:07 +0200
Subject: [PATCH] lib: Reject negative len for XML_ParseBuffer
References: CVE-2024-45490
References: bsc#1230036
Upstream: Backport from upstream
Reported by TaiYou
---
expat/lib/xmlparse.c | 6 ++++++
1 file changed, 6 insertions(+)
--- firefox-128.2.0/parser/expat/lib/xmlparse.c
+++ firefox-128.2.0_new/parser/expat/lib/xmlparse.c
@@ -1978,6 +1978,12 @@
if (parser == NULL)
return XML_STATUS_ERROR;
+
+ if (len < 0) {
+ parser->m_errorCode = XML_ERROR_INVALID_ARGUMENT;
+ return XML_STATUS_ERROR;
+ }
+
switch (ps_parsing) {
case XML_SUSPENDED:
errorCode = XML_ERROR_SUSPENDED;