From a7a94612aa3b16779e2c74e1fa353b5d9786c602 Mon Sep 17 00:00:00 2001
From: Daniel Veillard
Date: Tue, 9 Feb 2016 12:55:29 +0100
Subject: [PATCH] Heap-based buffer overread in xmlNextChar

For https://bugzilla.gnome.org/show_bug.cgi?id=759671 when the end of the internal subset isn't properly detected xmlParseInternalSubset should just return instead of trying to process input further.

Upstream-Status: Backport
CVE: CVE-2016-1762
Signed-off-by: Armin Kuster
---
 parser.c | 1 +
 result/errors/754946.xml.err | 10 +++++-----
 result/errors/content1.xml.err | 2 +-
 result/valid/t8.xml.err | 2 +-
 result/valid/t8a.xml.err | 2 +-
 5 files changed, 9 insertions(+), 8 deletions(-)
Index: libxml2-2.9.2/parser.c
===================================================================
--- libxml2-2.9.2.orig/parser.c
+++ libxml2-2.9.2/parser.c
@@ -8480,6 +8480,7 @@ xmlParseInternalSubset(xmlParserCtxtPtr
 */
 if (RAW != '>') {
 xmlFatalErr(ctxt, XML_ERR_DOCTYPE_NOT_FINISHED, NULL);
+ return;
 }
 NEXT;
 }
Index: libxml2-2.9.2/result/errors/754946.xml.err
===================================================================
--- libxml2-2.9.2.orig/result/errors/754946.xml.err
+++ libxml2-2.9.2/result/errors/754946.xml.err
@@ -11,9 +11,9 @@ Entity: line 1: parser error : DOCTYPE i
 Entity: line 1: A%SYSTEM;%SYSTEM;
- ^
+ ^
Index: libxml2-2.9.2/result/valid/t8.xml.err
===================================================================
--- libxml2-2.9.2.orig/result/valid/t8.xml.err
+++ libxml2-2.9.2/result/valid/t8.xml.err
@@ -16,4 +16,4 @@ Entity: line 1: parser error : Start tag
 ^
 Entity: line 1: <!ELEMENT root (middle) >
- ^
+^
Index: libxml2-2.9.2/result/valid/t8a.xml.err
===================================================================
--- libxml2-2.9.2.orig/result/valid/t8a.xml.err
+++ libxml2-2.9.2/result/valid/t8a.xml.err
@@ -16,4 +16,4 @@ Entity: line 1: parser error : Start tag
 ^
 Entity: line 1: <!ELEMENT root (middle) >
- ^
+^
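Review bot: The added `return;` in the parser.c hunk carries no comment, so a later reader sees a bare early exit after `xmlFatalErr` and may be tempted to restore the fall-through to `NEXT` for error-recovery parity; a why-comment such as `/* Missing '>' means the subset end was not found; do not advance (NEXT) or xmlNextChar may read past the input buffer (CVE-2016-1762) */` would pin the intent. The enclosing `xmlParseInternalSubset` starts and ends outside the hunk, so whatever it does after the closing brace (and how its callers react to `XML_ERR_DOCTYPE_NOT_FINISHED` without the terminator consumed) is not visible here and presumably relies on `xmlFatalErr` having marked the document not well-formed; worth confirming against the callers. Separately, the diffstat lists `result/errors/content1.xml.err` but no hunk for that file appears in the patch body as shown, which looks like a truncation of this copy rather than of the upstream commit.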