textproc/libxml2/files/patch-CVE-2008-3529


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19

--- parser.c.orig	2008-09-03 15:55:59.000000000 +0200
+++ parser.c	2008-09-03 16:30:22.000000000 +0200
@@ -2301,6 +2301,7 @@ xmlParserHandlePEReference(xmlParserCtxt
  */
 #define growBuffer(buffer) {						\
     xmlChar *tmp;							\
+    buffer##_size += XML_PARSER_BUFFER_SIZE ;				\
     buffer##_size *= 2;							\
     tmp = (xmlChar *)							\
 		xmlRealloc(buffer, buffer##_size * sizeof(xmlChar));	\
@@ -3341,7 +3342,7 @@ xmlParseAttValueComplex(xmlParserCtxtPtr
 		     * Just output the reference
 		     */
 		    buf[len++] = '&';
-		    if (len > buf_size - i - 10) {
+		    while (len > buf_size - i - 10) {
 			growBuffer(buf);
 		    }
 		    for (;i > 0;i--)