Debian Patches
Status for libxml-parser-perl/2.47-2
| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| Fix-buffer-overflow-in-parse_stream-when-filehandle-.patch | Fix buffer overflow in parse_stream when filehandle has :utf8 layer When a filehandle has a :utf8 PerlIO layer, Perl's read() returns decoded characters, but SvPV() gives back the UTF-8 byte representation which can be larger than the pre-allocated XML buffer. Previously this caused heap corruption (double free / buffer overflow), and a later workaround (BUFSIZE * 6 + croak) prevented the corruption but still crashed. Fix by re-obtaining the expat buffer at the actual byte size when the read produces more bytes than initially allocated. This handles UTF-8 streams gracefully without wasting memory on an oversized buffer. Fixes https://github.com/cpan-authors/XML-Parser/issues/64 (migrated from rt.cpan.org #19859) |
Toddr Bot <toddbot@rinaldo.us> | no | https://github.com/cpan-authors/XML-Parser/commit/5361c2b7f48599718cdecbe50c5fdd88b28ffd79 | 2026-03-16 | |
| fix-off-by-one-heap-buffer-overflow-in-st_serial_sta.patch | fix: off-by-one heap buffer overflow in st_serial_stack growth check When st_serial_stackptr == st_serial_stacksize - 1, the old check (stackptr >= stacksize) would not trigger reallocation. The subsequent ++stackptr then writes at index stacksize, one element past the allocated buffer. Fix by checking stackptr + 1 >= stacksize so the buffer is grown before the pre-increment write. Add a deep nesting test (600 levels) to exercise this code path. Fixes #39 |
Toddr Bot <toddbot@rinaldo.us> | yes | debian upstream | https://github.com/cpan-authors/XML-Parser/commit/08dd37c35ec5e64e26aacb8514437f54708f7fd1 | 2026-03-16 |
All known versions for source package 'libxml-parser-perl'
- 2.47-2 (forky, sid)
- 2.47-2~deb13u1 (trixie-proposed-updates, trixie-security)
- 2.47-1 (trixie)
- 2.46-4+deb12u1 (bookworm-proposed-updates, bookworm-security)
- 2.46-4 (bookworm)