From b5c984dcd6c5f379d322b234d796011504381abf Mon Sep 17 00:00:00 2001
From: starlet-dx <15929766099@163.com>
Date: Thu, 27 Jan 2022 15:00:23 +0800
Subject: [PATCH] Fix CVE-2021-42260

---
 CVE-2021-42260.patch | 32 ++++++++++++++++++++++++++++++++
 timyxml.spec         |  8 ++++++--
 2 files changed, 38 insertions(+), 2 deletions(-)
 create mode 100644 CVE-2021-42260.patch

diff --git a/CVE-2021-42260.patch b/CVE-2021-42260.patch
new file mode 100644
index 0000000..9652487
--- /dev/null
+++ b/CVE-2021-42260.patch
@@ -0,0 +1,32 @@
+From f7ca0035d17a663f55668e662b840afce7b86112 Mon Sep 17 00:00:00 2001
+From: Christian Voegl <cvoegl@suse.com>
+Date: Wed, 27 Oct 2021 11:25:18 +0200
+Subject: [PATCH] In stamp always advance the pointer if *p= 0xef
+
+The current implementation only advanced if 0xef is followed
+by two non-zero bytes. In case of malformed input (0xef should be
+the start byte of a three byte character) this leads to an infinite
+loop. (CVE-2021-42260)
+---
+ tinyxmlparser.cpp | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/tinyxmlparser.cpp b/tinyxmlparser.cpp
+index 81b7eae..8aa0dfa 100755
+--- a/tinyxmlparser.cpp
++++ b/tinyxmlparser.cpp
+@@ -274,6 +274,12 @@ void TiXmlParsingData::Stamp( const char* now, TiXmlEncoding encoding )
+ 						else
+ 							{ p +=3; ++col; }	// A normal character.
+ 					}
++					else
++					{
++						// TIXML_UTF_LEAD_0 (239) is the start character of a 3 byte sequence, so
++						// there is something wrong here. Just advance the pointer to evade infinite loops
++						++p;
++					}
+ 				}
+ 				else
+ 				{
+--
+2.33.0
diff --git a/timyxml.spec b/timyxml.spec
index 97a7ec9..5276786 100644
--- a/timyxml.spec
+++ b/timyxml.spec
@@ -1,10 +1,11 @@
 Name:           tinyxml
 Version:        2.6.2
-Release:        19
+Release:        20
 Summary:        C++ XML parser
 License:        zlib
 URL:            http://www.grinninglizard.com/tinyxml/
 Source0:        http://downloads.sourceforge.net/tinyxml/tinyxml_2_6_2.tar.gz
+Patch0001:      CVE-2021-42260.patch
 BuildRequires:  gcc-c++
 
 %description
@@ -23,7 +24,7 @@ The devel package contains development files for tinyxml.
 It provides header files and libraries for tinyxml.
 
 %prep
-%autosetup -n tinyxml
+%autosetup -p1 -n tinyxml
 touch tinyxml.h
 
 %build
@@ -63,5 +64,8 @@ mkdir -p %{buildroot}%{_libdir}/pkgconfig
 %{_libdir}/*.so
 
 %changelog
+* Thu Jan 27 2022 yaoxin <yaoxin30@huawei.com> - 2.6.2-20
+- Fix CVE-2021-42260
+
 * Tue Feb 18 2020 Senlin Xia <xiasenlin1@huawei.com> - 2.6.2-19
 - Package init
-- 
Gitee