mirror
/
electron
mirror of https://github.com/electron/electron
1
0
Fork 0
Code Issues Releases Activity
electron/patches/chromium/m112_cherry_pick_libxml_cve...

48 lines
2.1 KiB
Diff
Raw Permalink Blame History

From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Joey Arhar <jarhar@chromium.org>
Date: Fri, 21 Apr 2023 20:53:40 +0000
Subject: M112: Cherry pick libxml CVE fix
This patch cherry-picks a fix for [CVE-2023-29469] from libxml:
https://gitlab.gnome.org/GNOME/libxml2/-/commit/547edbf1cbdccd46b2e8ff322a456eaa5931c5df
I cherry-picked these by going into my libxml checkout, checking out the
commit that libxml is at for this M112 branch, cherry-picking the CVE
fixes, then running the roll script on all platforms.
Bug: 1433328
Change-Id: Iaee58b0890f7190386cca3e430286f39ccbbdb02
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4456592
Commit-Queue: David Baron <dbaron@chromium.org>
Reviewed-by: David Baron <dbaron@chromium.org>
Commit-Queue: Joey Arhar <jarhar@chromium.org>
Auto-Submit: Joey Arhar <jarhar@chromium.org>
Cr-Commit-Position: refs/branch-heads/5615@{#1325}
Cr-Branched-From: 9c6408ef696e83a9936b82bbead3d41c93c82ee4-refs/heads/main@{#1109224}
diff --git a/third_party/libxml/README.chromium b/third_party/libxml/README.chromium
index 9813d7cd51b62164cd9cad86b57a0b660d22a223..182f0a73439a5e549aed0fa01b22bdca94a8ccbc 100644
--- a/third_party/libxml/README.chromium
+++ b/third_party/libxml/README.chromium
@@ -25,5 +25,6 @@ Modifications:
in chromium's copy of maldoca. See https://github.com/google/maldoca/issues/87
- Add helper classes in the chromium/ subdirectory.
- Delete various unused files, see chromium/roll.py
+- Cherry picked fix for CVE-2023-29469
This import was generated by the chromium/roll.py script.
diff --git a/third_party/libxml/src/dict.c b/third_party/libxml/src/dict.c
index 5c9ca71940ceea9f4aec9f1e7dfb6c3ba6bd8c76..300df7a55638f4c6728a88c336b3c3197ab05676 100644
--- a/third_party/libxml/src/dict.c
+++ b/third_party/libxml/src/dict.c
@@ -455,7 +455,8 @@ static unsigned long
xmlDictComputeFastKey(const xmlChar *name, int namelen, int seed) {
unsigned long value = seed;
- if (name == NULL) return(0);
+ if ((name == NULL) || (namelen <= 0))
+ return(value);
value += *name;
value <<= 5;
if (namelen > 10) {
View Git Blame Copy Permalink