[tbb-commits] [tor-browser] 31/46: Bug 1797336 - Apply expat CVE-2022-43680 fix. r=mccr8, a=dmeehan

[gitolite role]

This is an automated email from the git hooks/post-receive script.

richard pushed a commit to branch base-browser-102.5.0esr-12.0-1
in repository tor-browser.

commit 2d8b4d7c0bd1fe183df5352cd408595d8ad484a1
Author: Peter Van der Beken <peterv at propagandism.org>
AuthorDate: Sun Oct 30 19:12:03 2022 +0000

    Bug 1797336 - Apply expat CVE-2022-43680 fix. r=mccr8, a=dmeehan
    
    Differential Revision: https://phabricator.services.mozilla.com/D160676
---
 parser/expat/lib/xmlparse.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/parser/expat/lib/xmlparse.c b/parser/expat/lib/xmlparse.c
index 3ef459664a85..8bff74c219e4 100644
--- a/parser/expat/lib/xmlparse.c
+++ b/parser/expat/lib/xmlparse.c
@@ -1009,6 +1009,14 @@ parserCreate(const XML_Char *encodingName,
   parserInit(parser, encodingName);
 
   if (encodingName && !protocolEncodingName) {
+    if (dtd) {
+      // We need to stop the upcoming call to XML_ParserFree from happily
+      // destroying parser->m_dtd because the DTD is shared with the parent
+      // parser and the only guard that keeps XML_ParserFree from destroying
+      // parser->m_dtd is parser->m_isParamEntity but it will be set to
+      // XML_TRUE only later in XML_ExternalEntityParserCreate (or not at all).
+      parser->m_dtd = NULL;
+    }
     XML_ParserFree(parser);
     return NULL;
   }

-- 
To stop receiving notification emails like this one, please contact
the administrator of this repository.