18 lines
816 B
Diff
18 lines
816 B
Diff
--- firefox-79.0/parser/expat/lib/xmlparse.c.cve-2022-43680 2022-11-18 10:00:58.441551281 +0800
|
|
+++ firefox-79.0/parser/expat/lib/xmlparse.c 2022-11-18 10:05:30.523029488 +0800
|
|
@@ -1004,6 +1004,14 @@ parserCreate(const XML_Char *encodingNam
|
|
parserInit(parser, encodingName);
|
|
|
|
if (encodingName && !protocolEncodingName) {
|
|
+ if (dtd) {
|
|
+ // We need to stop the upcoming call to XML_ParserFree from happily
|
|
+ // destroying parser->m_dtd because the DTD is shared with the parent
|
|
+ // parser and the only guard that keeps XML_ParserFree from destroying
|
|
+ // parser->m_dtd is parser->m_isParamEntity but it will be set to
|
|
+ // XML_TRUE only later in XML_ExternalEntityParserCreate (or not at all).
|
|
+ parser->m_dtd = NULL;
|
|
+ }
|
|
XML_ParserFree(parser);
|
|
return NULL;
|
|
}
|