From e0bddea835b4ffdae5fcd70b4f00a20bac8ee55f Mon Sep 17 00:00:00 2001
From: "@ran-zhao-yu" <ranzhaoyu1@huawei.com>
Date: Wed, 12 Jun 2024 15:11:18 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E8=A1=A5CVE-34459=E6=BC=8F=E6=B4=9E?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: @ran-zhao-yu <ranzhaoyu1@huawei.com>
---
 Fix-CVE-2024-34459.patch | 26 ++++++++++++++++++++++++++
 install.py               |  3 ++-
 2 files changed, 28 insertions(+), 1 deletion(-)
 create mode 100644 Fix-CVE-2024-34459.patch

diff --git a/Fix-CVE-2024-34459.patch b/Fix-CVE-2024-34459.patch
new file mode 100644
index 0000000..cebaee8
--- /dev/null
+++ b/Fix-CVE-2024-34459.patch
@@ -0,0 +1,26 @@
+From 2876ac5392a4e891b81e40e592c3ac6cb46016ce Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Wed, 8 May 2024 11:49:31 +0200
+Subject: [PATCH] [CVE-2024-34459] Fix buffer overread with `xmllint --htmlout`
+
+Add a missing bounds check.
+---
+ xmllint.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/xmllint.c b/xmllint.c
+index 82a878651..4d84c640b 100644
+--- a/xmllint.c
++++ b/xmllint.c
+@@ -602,7 +602,7 @@ xmlHTMLPrintFileContext(xmlParserInputPtr input) {
+     len = strlen(buffer);
+     snprintf(&buffer[len], sizeof(buffer) - len, "\n");
+     cur = input->cur;
+-    while ((*cur == '\n') || (*cur == '\r'))
++    while ((cur > base) && ((*cur == '\n') || (*cur == '\r')))
+ 	cur--;
+     n = 0;
+     while ((cur != base) && (n++ < 80)) {
+-- 
+GitLab
+
diff --git a/install.py b/install.py
index 4a46ce4..59a7308 100755
--- a/install.py
+++ b/install.py
@@ -58,7 +58,8 @@ def do_patch(args, target_dir):
         "libxml2-multilib.patch",
         "Fix-CVE-2023-45322-pre-patch.patch",
         "Fix-CVE-2023-45322.patch",
-        "Fix-CVE-2023-25062.patch"
+        "Fix-CVE-2023-25062.patch",
+        "Fix-CVE-2024-34459.patch"
     ]
 
     for patch in patch_file:
-- 
Gitee