| Index: third_party/libxml/chromium/chromium-issue-628581.patch
|
| diff --git a/third_party/libxml/chromium/chromium-issue-628581.patch b/third_party/libxml/chromium/chromium-issue-628581.patch
|
| new file mode 100644
|
| index 0000000000000000000000000000000000000000..42b7c630c9666712f09f1aa9757e05b19cd7ae49
|
| --- /dev/null
|
| +++ b/third_party/libxml/chromium/chromium-issue-628581.patch
|
| @@ -0,0 +1,180 @@
|
| +diff --git a/third_party/libxml/src/entities.c b/third_party/libxml/src/entities.c
|
| +index 64808ff64d6a..2851e2d43113 100644
|
| +--- a/entities.c
|
| ++++ b/entities.c
|
| +@@ -159,6 +159,7 @@ xmlCreateEntity(xmlDictPtr dict, const xmlChar *name, int type,
|
| + memset(ret, 0, sizeof(xmlEntity));
|
| + ret->type = XML_ENTITY_DECL;
|
| + ret->checked = 0;
|
| ++ ret->guard = XML_ENTITY_NOT_BEING_CHECKED;
|
| +
|
| + /*
|
| + * fill the structure.
|
| +@@ -931,6 +932,7 @@ xmlCopyEntity(xmlEntityPtr ent) {
|
| + cur->orig = xmlStrdup(ent->orig);
|
| + if (ent->URI != NULL)
|
| + cur->URI = xmlStrdup(ent->URI);
|
| ++ cur->guard = 0;
|
| + return(cur);
|
| + }
|
| +
|
| +diff --git a/third_party/libxml/src/include/libxml/entities.h b/third_party/libxml/src/include/libxml/entities.h
|
| +index 47b4573eba65..012efab294cb 100644
|
| +--- a/include/libxml/entities.h
|
| ++++ b/include/libxml/entities.h
|
| +@@ -35,8 +35,13 @@ typedef enum {
|
| + * and the linkind data needed for the linking in the hash table.
|
| + */
|
| +
|
| ++typedef enum {
|
| ++ XML_ENTITY_NOT_BEING_CHECKED,
|
| ++ XML_ENTITY_BEING_CHECKED /* entity check is in progress */
|
| ++} xmlEntityRecursionGuard;
|
| ++
|
| + struct _xmlEntity {
|
| +- void *_private; /* application data */
|
| ++ void *_private; /* application data */
|
| + xmlElementType type; /* XML_ENTITY_DECL, must be second ! */
|
| + const xmlChar *name; /* Entity name */
|
| + struct _xmlNode *children; /* First child link */
|
| +@@ -56,10 +61,11 @@ struct _xmlEntity {
|
| + struct _xmlEntity *nexte; /* unused */
|
| + const xmlChar *URI; /* the full URI as computed */
|
| + int owner; /* does the entity own the childrens */
|
| +- int checked; /* was the entity content checked */
|
| +- /* this is also used to count entities
|
| +- * references done from that entity
|
| +- * and if it contains '<' */
|
| ++ int checked; /* was the entity content checked and */
|
| ++ /* l.o. bit: replacement contains '<' */
|
| ++ /* remaining bits: one plus count of */
|
| ++ /* entity references from this entity */
|
| ++ xmlEntityRecursionGuard guard;
|
| + };
|
| +
|
| + /*
|
| +diff --git a/third_party/libxml/src/parser.c b/third_party/libxml/src/parser.c
|
| +index 53a6b7f0c961..e3136123dca6 100644
|
| +--- a/parser.c
|
| ++++ b/parser.c
|
| +@@ -137,18 +137,24 @@ xmlParserEntityCheck(xmlParserCtxtPtr ctxt, size_t size,
|
| + * This may look absurd but is needed to detect
|
| + * entities problems
|
| + */
|
| ++ if ((ent != NULL) && (ent->guard == XML_ENTITY_BEING_CHECKED)) {
|
| ++ xmlFatalErr(ctxt, XML_ERR_ENTITY_LOOP, NULL);
|
| ++ return (1);
|
| ++ }
|
| + if ((ent != NULL) && (ent->etype != XML_INTERNAL_PREDEFINED_ENTITY) &&
|
| + (ent->content != NULL) && (ent->checked == 0) &&
|
| + (ctxt->errNo != XML_ERR_ENTITY_LOOP)) {
|
| + unsigned long oldnbent = ctxt->nbentities;
|
| + xmlChar *rep;
|
| +
|
| ++ ent->guard = XML_ENTITY_BEING_CHECKED;
|
| + ent->checked = 1;
|
| +
|
| + ++ctxt->depth;
|
| + rep = xmlStringDecodeEntities(ctxt, ent->content,
|
| + XML_SUBSTITUTE_REF, 0, 0, 0);
|
| + --ctxt->depth;
|
| ++ ent->guard = XML_ENTITY_NOT_BEING_CHECKED;
|
| + if (ctxt->errNo == XML_ERR_ENTITY_LOOP) {
|
| + ent->content[0] = 0;
|
| + }
|
| +@@ -7329,23 +7335,28 @@ xmlParseReference(xmlParserCtxtPtr ctxt) {
|
| + * if its replacement text matches the production labeled
|
| + * content.
|
| + */
|
| +- if (ent->etype == XML_INTERNAL_GENERAL_ENTITY) {
|
| +- ctxt->depth++;
|
| +- ret = xmlParseBalancedChunkMemoryInternal(ctxt, ent->content,
|
| +- user_data, &list);
|
| +- ctxt->depth--;
|
| +-
|
| +- } else if (ent->etype == XML_EXTERNAL_GENERAL_PARSED_ENTITY) {
|
| +- ctxt->depth++;
|
| +- ret = xmlParseExternalEntityPrivate(ctxt->myDoc, ctxt, ctxt->sax,
|
| +- user_data, ctxt->depth, ent->URI,
|
| +- ent->ExternalID, &list);
|
| +- ctxt->depth--;
|
| +- } else {
|
| +- ret = XML_ERR_ENTITY_PE_INTERNAL;
|
| +- xmlErrMsgStr(ctxt, XML_ERR_INTERNAL_ERROR,
|
| +- "invalid entity type found\n", NULL);
|
| +- }
|
| ++ if (ent->guard == XML_ENTITY_BEING_CHECKED) {
|
| ++ ret = XML_ERR_ENTITY_LOOP;
|
| ++ } else {
|
| ++ ent->guard = XML_ENTITY_BEING_CHECKED;
|
| ++ if (ent->etype == XML_INTERNAL_GENERAL_ENTITY) {
|
| ++ ctxt->depth++;
|
| ++ ret = xmlParseBalancedChunkMemoryInternal(ctxt, ent->content,
|
| ++ user_data, &list);
|
| ++ ctxt->depth--;
|
| ++ } else if (ent->etype == XML_EXTERNAL_GENERAL_PARSED_ENTITY) {
|
| ++ ctxt->depth++;
|
| ++ ret = xmlParseExternalEntityPrivate(ctxt->myDoc, ctxt, ctxt->sax,
|
| ++ user_data, ctxt->depth, ent->URI,
|
| ++ ent->ExternalID, &list);
|
| ++ ctxt->depth--;
|
| ++ } else {
|
| ++ ret = XML_ERR_ENTITY_PE_INTERNAL;
|
| ++ xmlErrMsgStr(ctxt, XML_ERR_INTERNAL_ERROR,
|
| ++ "invalid entity type found\n", NULL);
|
| ++ }
|
| ++ ent->guard = XML_ENTITY_NOT_BEING_CHECKED;
|
| ++ }
|
| +
|
| + /*
|
| + * Store the number of entities needing parsing for this entity
|
| +@@ -7448,23 +7459,29 @@ xmlParseReference(xmlParserCtxtPtr ctxt) {
|
| + else
|
| + user_data = ctxt->userData;
|
| +
|
| +- if (ent->etype == XML_INTERNAL_GENERAL_ENTITY) {
|
| +- ctxt->depth++;
|
| +- ret = xmlParseBalancedChunkMemoryInternal(ctxt,
|
| +- ent->content, user_data, NULL);
|
| +- ctxt->depth--;
|
| +- } else if (ent->etype ==
|
| +- XML_EXTERNAL_GENERAL_PARSED_ENTITY) {
|
| +- ctxt->depth++;
|
| +- ret = xmlParseExternalEntityPrivate(ctxt->myDoc, ctxt,
|
| +- ctxt->sax, user_data, ctxt->depth,
|
| +- ent->URI, ent->ExternalID, NULL);
|
| +- ctxt->depth--;
|
| +- } else {
|
| +- ret = XML_ERR_ENTITY_PE_INTERNAL;
|
| +- xmlErrMsgStr(ctxt, XML_ERR_INTERNAL_ERROR,
|
| +- "invalid entity type found\n", NULL);
|
| +- }
|
| ++ if (ent->guard == XML_ENTITY_BEING_CHECKED) {
|
| ++ ret = XML_ERR_ENTITY_LOOP;
|
| ++ } else {
|
| ++ ent->guard = XML_ENTITY_BEING_CHECKED;
|
| ++ if (ent->etype == XML_INTERNAL_GENERAL_ENTITY) {
|
| ++ ctxt->depth++;
|
| ++ ret = xmlParseBalancedChunkMemoryInternal(ctxt,
|
| ++ ent->content, user_data, NULL);
|
| ++ ctxt->depth--;
|
| ++ } else if (ent->etype ==
|
| ++ XML_EXTERNAL_GENERAL_PARSED_ENTITY) {
|
| ++ ctxt->depth++;
|
| ++ ret = xmlParseExternalEntityPrivate(ctxt->myDoc, ctxt,
|
| ++ ctxt->sax, user_data, ctxt->depth,
|
| ++ ent->URI, ent->ExternalID, NULL);
|
| ++ ctxt->depth--;
|
| ++ } else {
|
| ++ ret = XML_ERR_ENTITY_PE_INTERNAL;
|
| ++ xmlErrMsgStr(ctxt, XML_ERR_INTERNAL_ERROR,
|
| ++ "invalid entity type found\n", NULL);
|
| ++ }
|
| ++ ent->guard = XML_ENTITY_NOT_BEING_CHECKED;
|
| ++ }
|
| + if (ret == XML_ERR_ENTITY_LOOP) {
|
| + xmlFatalErr(ctxt, XML_ERR_ENTITY_LOOP, NULL);
|
| + return;
|
| +--
|
| +2.12.2.715.g7642488e1d-goog
|
| +
|
|
|
Chromium Code Reviews
Issue 2804483002:
Check in the libxml roll script. (Closed)
