From aecd2ee32967ea075f305c45d35f6b539ee702bd Mon Sep 17 00:00:00 2001 From: travankor Date: Sun, 22 Mar 2020 20:14:47 -0700 Subject: [PATCH] libxml2: fix CVE-2019-20388. --- srcpkgs/libxml2/patches/CVE-2019-20388.patch | 32 ++++++++++++++++++++ srcpkgs/libxml2/template | 2 +- 2 files changed, 33 insertions(+), 1 deletion(-) create mode 100644 srcpkgs/libxml2/patches/CVE-2019-20388.patch diff --git a/srcpkgs/libxml2/patches/CVE-2019-20388.patch b/srcpkgs/libxml2/patches/CVE-2019-20388.patch new file mode 100644 index 00000000000..e1582f299de --- /dev/null +++ b/srcpkgs/libxml2/patches/CVE-2019-20388.patch @@ -0,0 +1,32 @@ +From 6088a74bcf7d0c42e24cff4594d804e1d3c9fbca Mon Sep 17 00:00:00 2001 +From: Zhipeng Xie +Date: Tue, 20 Aug 2019 16:33:06 +0800 +Subject: [PATCH] Fix memory leak in xmlSchemaValidateStream + +When ctxt->schema is NULL, xmlSchemaSAXPlug->xmlSchemaPreRun +alloc a new schema for ctxt->schema and set vctxt->xsiAssemble +to 1. Then xmlSchemaVStart->xmlSchemaPreRun initialize +vctxt->xsiAssemble to 0 again which cause the alloced schema +can not be freed anymore. + +Found with libFuzzer. + +Signed-off-by: Zhipeng Xie +--- + xmlschemas.c | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/xmlschemas.c b/xmlschemas.c +index 301c8449..39d92182 100644 +--- xmlschemas.c ++++ xmlschemas.c +@@ -28090,7 +28090,6 @@ xmlSchemaPreRun(xmlSchemaValidCtxtPtr vctxt) { + vctxt->nberrors = 0; + vctxt->depth = -1; + vctxt->skipDepth = -1; +- vctxt->xsiAssemble = 0; + vctxt->hasKeyrefs = 0; + #ifdef ENABLE_IDC_NODE_TABLES_TEST + vctxt->createIDCNodeTables = 1; +-- +2.24.1 diff --git a/srcpkgs/libxml2/template b/srcpkgs/libxml2/template index 2a421b78d38..cc5064905e6 100644 --- a/srcpkgs/libxml2/template +++ b/srcpkgs/libxml2/template @@ -4,7 +4,7 @@ # pkgname=libxml2 version=2.9.10 -revision=1 +revision=2 build_style=gnu-configure configure_args="--disable-static --with-threads --with-history --with-icu --without-python"