|
|
9728d7 |
diff -up firefox-91.7.0/parser/expat/lib/xmltok.c.expat-CVE-2022-25235 firefox-91.7.0/parser/expat/lib/xmltok.c
|
|
|
9728d7 |
--- firefox-91.7.0/parser/expat/lib/xmltok.c.expat-CVE-2022-25235 2022-03-02 17:57:38.364361168 +0100
|
|
|
9728d7 |
+++ firefox-91.7.0/parser/expat/lib/xmltok.c 2022-03-02 17:58:22.235512399 +0100
|
|
|
9728d7 |
@@ -65,13 +65,6 @@
|
|
|
9728d7 |
+ ((((byte)[2]) >> 5) & 1)] \
|
|
|
9728d7 |
& (1u << (((byte)[2]) & 0x1F)))
|
|
|
9728d7 |
|
|
|
9728d7 |
-#define UTF8_GET_NAMING(pages, p, n) \
|
|
|
9728d7 |
- ((n) == 2 \
|
|
|
9728d7 |
- ? UTF8_GET_NAMING2(pages, (const unsigned char *)(p)) \
|
|
|
9728d7 |
- : ((n) == 3 \
|
|
|
9728d7 |
- ? UTF8_GET_NAMING3(pages, (const unsigned char *)(p)) \
|
|
|
9728d7 |
- : 0))
|
|
|
9728d7 |
-
|
|
|
9728d7 |
/* Detection of invalid UTF-8 sequences is based on Table 3.1B
|
|
|
9728d7 |
of Unicode 3.2: http://www.unicode.org/unicode/reports/tr28/
|
|
|
9728d7 |
with the additional restriction of not allowing the Unicode
|
|
|
9728d7 |
diff -up firefox-91.7.0/parser/expat/lib/xmltok_impl.c.expat-CVE-2022-25235 firefox-91.7.0/parser/expat/lib/xmltok_impl.c
|
|
|
9728d7 |
--- firefox-91.7.0/parser/expat/lib/xmltok_impl.c.expat-CVE-2022-25235 2022-03-02 17:57:38.365361172 +0100
|
|
|
9728d7 |
+++ firefox-91.7.0/parser/expat/lib/xmltok_impl.c 2022-03-02 18:04:51.240853247 +0100
|
|
|
9728d7 |
@@ -34,7 +34,7 @@
|
|
|
9728d7 |
case BT_LEAD ## n: \
|
|
|
9728d7 |
if (end - ptr < n) \
|
|
|
9728d7 |
return XML_TOK_PARTIAL_CHAR; \
|
|
|
9728d7 |
- if (!IS_NAME_CHAR(enc, ptr, n)) { \
|
|
|
9728d7 |
+ if (IS_INVALID_CHAR(enc, ptr, n) || ! IS_NAME_CHAR(enc, ptr, n)) { \
|
|
|
9728d7 |
*nextTokPtr = ptr; \
|
|
|
9728d7 |
return XML_TOK_INVALID; \
|
|
|
9728d7 |
} \
|
|
|
9728d7 |
@@ -62,7 +62,7 @@
|
|
|
9728d7 |
case BT_LEAD ## n: \
|
|
|
9728d7 |
if (end - ptr < n) \
|
|
|
9728d7 |
return XML_TOK_PARTIAL_CHAR; \
|
|
|
9728d7 |
- if (!IS_NMSTRT_CHAR(enc, ptr, n)) { \
|
|
|
9728d7 |
+ if (IS_INVALID_CHAR(enc, ptr, n) || ! IS_NMSTRT_CHAR(enc, ptr, n)) { \
|
|
|
9728d7 |
*nextTokPtr = ptr; \
|
|
|
9728d7 |
return XML_TOK_INVALID; \
|
|
|
9728d7 |
} \
|
|
|
9728d7 |
@@ -1090,6 +1090,10 @@ PREFIX(prologTok)(const ENCODING *enc, c
|
|
|
9728d7 |
case BT_LEAD ## n: \
|
|
|
9728d7 |
if (end - ptr < n) \
|
|
|
9728d7 |
return XML_TOK_PARTIAL_CHAR; \
|
|
|
9728d7 |
+ if (IS_INVALID_CHAR(enc, ptr, n)) { \
|
|
|
9728d7 |
+ *nextTokPtr = ptr; \
|
|
|
9728d7 |
+ return XML_TOK_INVALID; \
|
|
|
9728d7 |
+ } \
|
|
|
9728d7 |
if (IS_NMSTRT_CHAR(enc, ptr, n)) { \
|
|
|
9728d7 |
ptr += n; \
|
|
|
9728d7 |
tok = XML_TOK_NAME; \
|