From 0de0c181bb370e2bfd26416f15cdad2b7c3e8d9f Mon Sep 17 00:00:00 2001
From: panzhe0328
Date: Mon, 11 Aug 2025 15:23:35 +0800
Subject: [PATCH] Add test for CVE-2025-6021
---
 Test-for-CVE-2025-6021.patch | 83 ++++++++++++++++++++++++++++++++++++
 libxml2.spec | 6 ++-
 2 files changed, 88 insertions(+), 1 deletion(-)
 create mode 100644 Test-for-CVE-2025-6021.patch
diff --git a/Test-for-CVE-2025-6021.patch b/Test-for-CVE-2025-6021.patch
new file mode 100644
index 0000000..7801b78
--- /dev/null
+++ b/Test-for-CVE-2025-6021.patch
@@ -0,0 +1,83 @@
+From a3d1ee597af591bcfb257bba71d089b4ac3665ee Mon Sep 17 00:00:00 2001
+From: panzhe0328
+Date: Mon, 11 Aug 2025 15:17:52 +0800
+Subject: [PATCH] Add test for CVE-2025-6021
+
+---
+ testapi.c | 42 ++++++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 42 insertions(+)
+
+diff --git a/testapi.c b/testapi.c
+index 0a0aadf..24fc6bb 100644
+--- a/testapi.c
++++ b/testapi.c
+@@ -15,10 +15,12 @@
+ #include
+ #include
+ #include
++#include
+ #include
+ #include
+ #include
+ #include
++#include "libxml/xmlmemory.h"
+
+
+ static int testlibxml2(void);
+@@ -18742,6 +18744,45 @@ test_xmlBuildQName(void) {
+ return(test_ret);
+ }
+
++static int
++test_xmlBuildQName_overflow(void) {
++ // Test for CVE-2025-6021
++ int test_ret = 0;
++
++ printf("Begin to test xmlBuildQName overflow\n");
++
++ const xmlChar *prefix = (const xmlChar *)"abc";
++ size_t ncname_length = (size_t)INT_MAX - 3;
++ xmlChar *ncname = (xmlChar *)xmlMalloc(ncname_length + 1);
++ if (!ncname) {
++ printf("Memory allocation failed for local name\n");
++ test_ret++;
++ return(test_ret);
++ }
++ memset(ncname, 'a', ncname_length);
++ ncname[ncname_length] = '\0';
++ xmlChar buf[100];
++ memset(buf, 'b', sizeof(buf));
++
++ xmlChar *result = xmlBuildQName(ncname, prefix, buf, sizeof(buf));
++ if (result == buf) {
++ test_ret++;
++ printf("Used input buffer directly: potential overflow detected.\n");
++ } else if (result) {
++ printf("Created new buffer for result: safe allocation path.\n");
++ xmlFree(result);
++ } else {
++ test_ret++;
++ printf("Operation returned NULL: unexpected error occurred.\n");
++ }
++
++ xmlFree(ncname);
++ xmlCleanupParser();
++
++ function_tests++;
++
++ return(test_ret);
++}
+
+ static int
+ test_xmlChildElementCount(void) {
+@@ -23978,6 +24019,7 @@ test_tree(void) {
+ test_ret += test_xmlValidateNMToken();
+ test_ret += test_xmlValidateName();
+ test_ret += test_xmlValidateQName();
++ test_ret += test_xmlBuildQName_overflow();
+
+ if (test_ret != 0)
+ printf("Module tree: %d errors\n", test_ret);
+--
+2.25.1
+
diff --git a/libxml2.spec b/libxml2.spec
index 3898819..2bdab98 100644
--- a/libxml2.spec
+++ b/libxml2.spec
@@ -1,7 +1,7 @@
 Summary: Library providing XML and HTML support
 Name: libxml2
 Version: 2.12.10
-Release: 5
+Release: 6
 License: MIT
 Group: Development/Libraries
 Source: https://download.gnome.org/sources/%{name}/2.12/%{name}-%{version}.tar.xz
@@ -13,6 +13,7 @@ Patch6003: CVE-2025-6021.patch
 Patch6004: CVE-2025-49795.patch
 Patch6005: CVE-2025-49794,CVE-2025-49796.patch
 Patch6006: backport-CVE-2025-6170.patch
+Patch6007: Test-for-CVE-2025-6021.patch
 BuildRequires: pkgconfig(liblzma)
 BuildRequires: pkgconfig(python3)
@@ -132,6 +133,9 @@ gzip -9 -c doc/libxml2-api.xml > doc/libxml2-api.xml.gz
 %changelog
+* Mon Aug 11 2025 panzhe - 2.12.10-6
+- Add test for CVE-2025-6021
+
 * Tue Jul 15 2025 zhuo <1107893276@qq.com> - 2.12.10-5
 - Type:CVE
 - CVE:CVE-2025-6170
--
Gitee
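Review bot: In test_xmlBuildQName_overflow, two outcomes that depend on the build host's memory are counted as test errors: `test_ret++` runs when the `(size_t)INT_MAX - 3` byte `xmlMalloc` for ncname fails, and again when xmlBuildQName returns NULL, which is presumably what a fixed library does if its own result allocation of similar size fails. Only `result == buf` points at the CVE-2025-6021 regression, so on a memory-limited builder the test would report errors with the fix in place. I would drop `test_ret++;` from the `!ncname` branch and from the final `else`, and reword those two messages to say the check was skipped. Separately, `xmlCleanupParser();` inside a single test resets library-wide state while the harness may still have modules to run after test_tree (not visible in this hunk); I would remove the call and leave cleanup to the harness.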