[tbb-commits] [tor-browser] branch tor-browser-91.13.0esr-11.5-1 updated: Bug 1797336 - Apply expat CVE-2022-43680 fix. r=mccr8, a=dmeehan
gitolite role
git at cupani.torproject.org
Thu Nov 17 20:20:17 UTC 2022
This is an automated email from the git hooks/post-receive script.
richard pushed a commit to branch tor-browser-91.13.0esr-11.5-1
in repository tor-browser.
The following commit(s) were added to refs/heads/tor-browser-91.13.0esr-11.5-1 by this push:
new 147bc200fb10 Bug 1797336 - Apply expat CVE-2022-43680 fix. r=mccr8, a=dmeehan
147bc200fb10 is described below
commit 147bc200fb10ad3dcdee20bd6caa81163789a5b7
Author: Peter Van der Beken <peterv at propagandism.org>
AuthorDate: Sun Oct 30 19:12:03 2022 +0000
Bug 1797336 - Apply expat CVE-2022-43680 fix. r=mccr8, a=dmeehan
Differential Revision: https://phabricator.services.mozilla.com/D160676
---
parser/expat/lib/xmlparse.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/parser/expat/lib/xmlparse.c b/parser/expat/lib/xmlparse.c
index 05d5f0221e47..239f4fe281a7 100644
--- a/parser/expat/lib/xmlparse.c
+++ b/parser/expat/lib/xmlparse.c
@@ -1005,6 +1005,14 @@ parserCreate(const XML_Char *encodingName,
parserInit(parser, encodingName);
if (encodingName && !protocolEncodingName) {
+ if (dtd) {
+ // We need to stop the upcoming call to XML_ParserFree from happily
+ // destroying parser->m_dtd because the DTD is shared with the parent
+ // parser and the only guard that keeps XML_ParserFree from destroying
+ // parser->m_dtd is parser->m_isParamEntity but it will be set to
+ // XML_TRUE only later in XML_ExternalEntityParserCreate (or not at all).
+ parser->m_dtd = NULL;
+ }
XML_ParserFree(parser);
return NULL;
}
--
To stop receiving notification emails like this one, please contact
the administrator of this repository.
More information about the tbb-commits
mailing list