From 399e6d2e693ebb2a202146feaed094080c14b79be1874957a80155867ad7b186 Mon Sep 17 00:00:00 2001 From: Dirk Mueller Date: Sat, 16 Dec 2023 19:11:15 +0000 Subject: [PATCH] Accepting request 1133455 from home:aschnell:branches:devel:libraries:c_c++ - avoid assertion on certain malformed input including null-byte (bsc#1218040) - added tinyxml-null-byte-assert.patch OBS-URL: https://build.opensuse.org/request/show/1133455 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/tinyxml?expand=0&rev=21 --- tinyxml-null-byte-assert.patch | 12 ++++++++++++ tinyxml.changes | 16 +++++++++++----- tinyxml.spec | 4 +++- 3 files changed, 26 insertions(+), 6 deletions(-) create mode 100644 tinyxml-null-byte-assert.patch diff --git a/tinyxml-null-byte-assert.patch b/tinyxml-null-byte-assert.patch new file mode 100644 index 0000000..8d2d5e3 --- /dev/null +++ b/tinyxml-null-byte-assert.patch @@ -0,0 +1,12 @@ +--- a/tinyxmlparser.cpp 2011-05-15 04:24:57.000000000 +0200 ++++ b/tinyxmlparser.cpp 2023-12-15 12:06:34.919095166 +0100 +@@ -1600,6 +1600,9 @@ + } + + p = SkipWhiteSpace( p, _encoding ); ++ if (!p || !*p) ++ break; ++ + if ( StringEqual( p, "version", true, _encoding ) ) + { + TiXmlAttribute attrib; diff --git a/tinyxml.changes b/tinyxml.changes index b3e46ec..9fefea7 100644 --- a/tinyxml.changes +++ b/tinyxml.changes @@ -1,8 +1,15 @@ +------------------------------------------------------------------- +Fri Dec 15 15:02:44 CET 2023 - aschnell@suse.com + +- avoid assertion on certain malformed input including null-byte + (bsc#1218040) +- added tinyxml-null-byte-assert.patch + ------------------------------------------------------------------- Mon Oct 25 14:32:25 UTC 2021 - Christian Vögl - Added tinyxml-2.62-fix-infinite-loop.patch to fix an infinite loop - for inputs containing the sequence 0xEF0x00 (bsc#1191576) + for inputs containing the sequence 0xEF0x00 (bsc#1191576) ------------------------------------------------------------------- Sun May 13 12:19:58 UTC 2012 - lists.nico.k@googlemail.com @@ -14,7 +21,7 @@ Sun May 13 12:19:58 UTC 2012 - lists.nico.k@googlemail.com * Removed the old, now unmaintained and likely not working, build files. * Fixed some static analysis issues reported by orbitcowboy - from cppcheck. + from cppcheck. * Bayard 95 sent in analysis from a different analyzer - fixes applied from that as well. * Tim Kosse sent a patch fixing an infinite loop. @@ -27,13 +34,13 @@ Sun May 13 12:19:58 UTC 2012 - lists.nico.k@googlemail.com ------------------------------------------------------------------- Fri Mar 2 01:25:08 UTC 2012 - crrodriguez@opensuse.org -- Ensure the generated config.h file gets included +- Ensure the generated config.h file gets included in all C++ files during build... ------------------------------------------------------------------- Fri Mar 2 01:18:24 UTC 2012 - crrodriguez@opensuse.org -- Make tinyxml slightly tinier by building it with +- Make tinyxml slightly tinier by building it with -fvisibility-inlines-hidden. - Also build with full RELRO and bsymbolic-functions @@ -115,4 +122,3 @@ Fri Dec 14 00:00:00 CET 2007 - j.w.r.degoede@hhs.nl 2.5.3-2 Fri Nov 30 00:00:00 CET 2007 - j.w.r.degoede@hhs.nl 2.5.3-1 - Initial Fedora Package - diff --git a/tinyxml.spec b/tinyxml.spec index c9f049c..bfbd75b 100644 --- a/tinyxml.spec +++ b/tinyxml.spec @@ -1,7 +1,7 @@ # # spec file for package tinyxml # -# Copyright (c) 2021 SUSE LLC +# Copyright (c) 2023 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -35,6 +35,7 @@ Source5: Makefile.am.docs Patch0: tinyxml-c_headers.patch Patch1: tinyxml-entity.patch Patch2: tinyxml-2.62-fix-infinite-loop.patch +Patch3: tinyxml-null-byte-assert.patch URL: http://sourceforge.net/projects/tinyxml BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: gcc-c++ @@ -87,6 +88,7 @@ libtinyxml %patch0 %patch1 %patch2 -p1 +%patch3 -p1 mkdir -p m4 cp %{S:1} %{S:2} %{S:3} %{S:4} . cp %{S:5} docs/Makefile.am