From 3e6190e433479e56f8c1e5adc1198b3c86b15577 Mon Sep 17 00:00:00 2001 From: Sebastian Pipping Date: Sun, 17 Jul 2016 20:22:29 +0200 Subject: [PATCH] Fix regression introduced by patch to CVE-2016-0718 (bug #539) Tag names were cut off in some cases; reported by Andy Wang --- expat/lib/xmlparse.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/expat/lib/xmlparse.c b/expat/lib/xmlparse.c index 13e080d..2630310 100644 --- expat/lib/xmlparse.c +++ expat-fixed/lib/xmlparse.c @@ -2430,7 +2430,7 @@ doContent(XML_Parser parser, &fromPtr, rawNameEnd, (ICHAR **)&toPtr, (ICHAR *)tag->bufEnd - 1); convLen = (int)(toPtr - (XML_Char *)tag->buf); - if ((convert_res == XML_CONVERT_COMPLETED) || (convert_res == XML_CONVERT_INPUT_INCOMPLETE)) { + if ((fromPtr >= rawNameEnd) || (convert_res == XML_CONVERT_INPUT_INCOMPLETE)) { tag->name.strLen = convLen; break; } -- 2.9.2