mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-05-30 12:29:55 +00:00
Code Issues Projects Releases Wiki Activity

libxml2: Fix more NULL pointer derefs

Browse Source 
The NULL pointer dereferencing could produced some
security problems.
This is a preventive security fix.

(From OE-Core rev: 8f3008114d5000a0865f50833db7c3a3f9808601)

Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Andrej Valek
2016-12-12 14:20:21 +01:00
committed by Richard Purdie
parent aa346581fd
commit 1ffb967de6
2 changed files with 47 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta/recipes-core/libxml/libxml2/libxml2-fix_NULL_pointer_derefs.patch
+46
View File
@@ -0,0 +1,46 @@
libxml2-2.9.4: Fix more NULL pointer derefs
xpointer: Fix more NULL pointer derefs
Upstream-Status: Backported [https://git.gnome.org/browse/libxml2/commit/?id=e905f08123e4a6e7731549e6f09dadff4cab65bd]
CVE: -
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
diff --git a/xpointer.c b/xpointer.c
index 676c510..074db24 100644
--- a/xpointer.c
+++ b/xpointer.c
@@ -555,7 +555,7 @@ xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathObjectPtr end) {
/*
* Empty set ...
*/
- if (end->nodesetval->nodeNr <= 0)
+ if ((end->nodesetval == NULL) || (end->nodesetval->nodeNr <= 0))
return(NULL);
break;
default:
@@ -1400,7 +1400,7 @@ xmlXPtrEval(const xmlChar *str, xmlXPathContextPtr ctx) {
*/
xmlNodeSetPtr set;
set = tmp->nodesetval;
- if ((set->nodeNr != 1) ||
+ if ((set == NULL) || (set->nodeNr != 1) ||
(set->nodeTab[0] != (xmlNodePtr) ctx->doc))
stack++;
} else
@@ -2073,9 +2073,11 @@ xmlXPtrRangeFunction(xmlXPathParserContextPtr ctxt, int nargs) {
xmlXPathFreeObject(set);
XP_ERROR(XPATH_MEMORY_ERROR);
}
- for (i = 0;i < oldset->locNr;i++) {
- xmlXPtrLocationSetAdd(newset,
- xmlXPtrCoveringRange(ctxt, oldset->locTab[i]));
+ if (oldset != NULL) {
+ for (i = 0;i < oldset->locNr;i++) {
+ xmlXPtrLocationSetAdd(newset,
+ xmlXPtrCoveringRange(ctxt, oldset->locTab[i]));
+ }
}
/*
meta/recipes-core/libxml/libxml2_2.9.4.bb
+1
View File
@@ -22,6 +22,7 @@ SRC_URI = "ftp://xmlsoft.org/libxml2/libxml2-${PV}.tar.gz;name=libtar \
file://libxml2-fix_node_comparison.patch \ file://libxml2-fix_node_comparison.patch \
file://libxml2-CVE-2016-5131.patch \ file://libxml2-CVE-2016-5131.patch \
file://libxml2-CVE-2016-4658.patch \ file://libxml2-CVE-2016-4658.patch \
file://libxml2-fix_NULL_pointer_derefs.patch \
" "
SRC_URI[libtar.md5sum] = "ae249165c173b1ff386ee8ad676815f5" SRC_URI[libtar.md5sum] = "ae249165c173b1ff386ee8ad676815f5"