From 4f5dbbffcc1c6cf0398bd03450453289a0979dea Mon Sep 17 00:00:00 2001 From: Dave Beckett Date: Sat, 18 Sep 2021 17:40:00 -0700 Subject: [PATCH] XML Writer : compare namespace declarations correctly Apply patch from 0001-CVE-2020-25713-raptor2-malformed-input-file-can-lead.patch.1 that fixes Issue#0000650 https://bugs.librdf.org/mantis/view.php?id=650 which overwrote heap during XML writing in parse type literal content. This was detected with clang asan. Thanks to Michael Stahl / mst2 for the fix. --- src/raptor_xml_writer.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/raptor_xml_writer.c b/src/raptor_xml_writer.c index 56993dc38..4426d38cf 100644 --- a/src/raptor_xml_writer.c +++ b/src/raptor_xml_writer.c @@ -227,7 +227,7 @@ raptor_xml_writer_start_element_common(raptor_xml_writer* xml_writer, /* check it wasn't an earlier declaration too */ for(j = 0; j < nspace_declarations_count; j++) - if(nspace_declarations[j].nspace == element->attributes[j]->nspace) { + if(nspace_declarations[j].nspace == element->attributes[i]->nspace) { declare_me = 0; break; }