On 2015年10月28日 17:41, Jussi Kukkonen wrote:
>
>
> On 28 October 2015 at 07:22, <kai.kang@windriver.com 
> <mailto:kai.kang@windriver.com>> wrote:
>
>     From: Kai Kang <kai.kang@windriver.com
>     <mailto:kai.kang@windriver.com>>
>
>     Backport patch from:
>
>     https://bugzilla.gnome.org/show_bug.cgi?id=746048
>
>     to fix valgrind errors and unsafe memory access.
>
>     Fix the indentation by the way.
>
>     Signed-off-by: Kai Kang <kai.kang@windriver.com
>     <mailto:kai.kang@windriver.com>>
>     ---
>      .../libxml2/libxml2-fix-unsafe-memory-access.patch | 97
>     ++++++++++++++++++++++
>      meta/recipes-core/libxml/libxml2_2.9.2.bb
>     <http://libxml2_2.9.2.bb>          |  3 +-
>      2 files changed, 99 insertions(+), 1 deletion(-)
>      create mode 100644
>     meta/recipes-core/libxml/libxml2/libxml2-fix-unsafe-memory-access.patch
>
>     diff --git
>     a/meta/recipes-core/libxml/libxml2/libxml2-fix-unsafe-memory-access.patch
>     b/meta/recipes-core/libxml/libxml2/libxml2-fix-unsafe-memory-access.patch
>     new file mode 100644
>     index 0000000..b583032
>     --- /dev/null
>     +++
>     b/meta/recipes-core/libxml/libxml2/libxml2-fix-unsafe-memory-access.patch
>     @@ -0,0 +1,97 @@
>     +Upstream-Status: Backport
>
>
> This may be a nitpick but I don't think DV has taken this patch in the 
> six months it's been available so it's not a backport.

I suppose Backport is the best choice in upstream status [ Pending 
Submitted Accepted Backport Denied Inappropriate ]. Though it is not 
from official upstream, it is from somewhere else as listed in the patch.

Thanks.

--Kai

>
>  - Jussi
>
>     +
>     +Backport from
>     +
>     +https://bugzilla.gnome.org/show_bug.cgi?id=746048
>     +
>     +to fix unsafe memory access.
>     +
>     +Signed-off-by: Kai Kang <kai.kang@windriver.com
>     <mailto:kai.kang@windriver.com>>
>     +---
>     +diff --git a/HTMLparser.c b/HTMLparser.c
>     +index d329d3b..6f81424 100644
>     +--- a/HTMLparser.c
>     ++++ b/HTMLparser.c
>     +@@ -3245,13 +3245,20 @@ htmlParseComment(htmlParserCtxtPtr ctxt) {
>     +       ctxt->instate = state;
>     +       return;
>     +     }
>     ++    if ((ctxt->input->end - ctxt->input->cur) < 3) {
>     ++        ctxt->instate = XML_PARSER_EOF;
>     ++        htmlParseErr(ctxt, XML_ERR_COMMENT_NOT_FINISHED,
>     ++                     "Comment not terminated\n", NULL, NULL);
>     ++        xmlFree(buf);
>     ++        return;
>     ++    }
>     +     q = CUR_CHAR(ql);
>     +     NEXTL(ql);
>     +     r = CUR_CHAR(rl);
>     +     NEXTL(rl);
>     +     cur = CUR_CHAR(l);
>     +     len = 0;
>     +-    while (IS_CHAR(cur) &&
>     ++    while (((ctxt->input->end - ctxt->input->cur) > 0) &&
>     IS_CHAR(cur) &&
>     +            ((cur != '>') ||
>     +           (r != '-') || (q != '-'))) {
>     +       if (len + 5 >= size) {
>     +@@ -3281,7 +3288,7 @@ htmlParseComment(htmlParserCtxtPtr ctxt) {
>     +       }
>     +     }
>     +     buf[len] = 0;
>     +-    if (!IS_CHAR(cur)) {
>     ++    if (!(ctxt->input->end - ctxt->input->cur) || !IS_CHAR(cur)) {
>     +       htmlParseErr(ctxt, XML_ERR_COMMENT_NOT_FINISHED,
>     +                    "Comment not terminated \n<!--%.50s\n", buf,
>     NULL);
>     +       xmlFree(buf);
>     +@@ -4465,6 +4472,7 @@ htmlParseContentInternal(htmlParserCtxtPtr
>     ctxt) {
>     +     depth = ctxt->nameNr;
>     +     while (1) {
>     +       long cons = ctxt->nbChars;
>     ++    long rem = ctxt->input->end - ctxt->input->cur;
>     +
>     +         GROW;
>     +
>     +@@ -4540,7 +4548,7 @@ htmlParseContentInternal(htmlParserCtxtPtr
>     ctxt) {
>     +           /*
>     +            * Sometimes DOCTYPE arrives in the middle of the document
>     +            */
>     +-          if ((CUR == '<') && (NXT(1) == '!') &&
>     ++          if ((rem >= 9) && (CUR == '<') && (NXT(1) == '!') &&
>     +               (UPP(2) == 'D') && (UPP(3) == 'O') &&
>     +               (UPP(4) == 'C') && (UPP(5) == 'T') &&
>     +               (UPP(6) == 'Y') && (UPP(7) == 'P') &&
>     +@@ -4554,7 +4562,7 @@ htmlParseContentInternal(htmlParserCtxtPtr
>     ctxt) {
>     +           /*
>     +            * First case :  a comment
>     +            */
>     +-          if ((CUR == '<') && (NXT(1) == '!') &&
>     ++          if ((rem >= 4) && (CUR == '<') && (NXT(1) == '!') &&
>     +               (NXT(2) == '-') && (NXT(3) == '-')) {
>     +               htmlParseComment(ctxt);
>     +           }
>     +@@ -4562,14 +4570,14 @@
>     htmlParseContentInternal(htmlParserCtxtPtr ctxt) {
>     +           /*
>     +            * Second case : a Processing Instruction.
>     +            */
>     +-          else if ((CUR == '<') && (NXT(1) == '?')) {
>     ++          else if ((rem >= 2) && (CUR == '<') && (NXT(1) == '?')) {
>     +               htmlParsePI(ctxt);
>     +           }
>     +
>     +           /*
>     +            * Third case :  a sub-element.
>     +            */
>     +-          else if (CUR == '<') {
>     ++          else if ((rem >= 1) && (CUR == '<')) {
>     +               htmlParseElementInternal(ctxt);
>     +               if (currentNode != NULL) xmlFree(currentNode);
>     +
>     +@@ -4581,7 +4589,7 @@ htmlParseContentInternal(htmlParserCtxtPtr
>     ctxt) {
>     +            * Fourth case : a reference. If if has not been resolved,
>     +            *    parsing returns it's Name, create the node
>     +            */
>     +-          else if (CUR == '&') {
>     ++          else if ((rem >= 1) && (CUR == '&')) {
>     +               htmlParseReference(ctxt);
>     +           }
>     +
>     diff --git a/meta/recipes-core/libxml/libxml2_2.9.2.bb
>     <http://libxml2_2.9.2.bb>
>     b/meta/recipes-core/libxml/libxml2_2.9.2.bb <http://libxml2_2.9.2.bb>
>     index 79a395c..4cafc87 100644
>     --- a/meta/recipes-core/libxml/libxml2_2.9.2.bb
>     <http://libxml2_2.9.2.bb>
>     +++ b/meta/recipes-core/libxml/libxml2_2.9.2.bb
>     <http://libxml2_2.9.2.bb>
>     @@ -2,7 +2,8 @@ require libxml2.inc
>
>      SRC_URI +=
>     "http://www.w3.org/XML/Test/xmlts20080827.tar.gz;name=testtar \
>      file://72a46a519ce7326d9a00f0b6a7f2a8e958cd1675.patch \
>     -
>      file://0001-threads-Define-pthread-definitions-for-glibc-complia.patch
>     \
>     +
>     file://0001-threads-Define-pthread-definitions-for-glibc-complia.patch
>     \
>     +            file://libxml2-fix-unsafe-memory-access.patch \
>                "
>
>      SRC_URI[libtar.md5sum] = "9e6a9aca9d155737868b3dc5fd82f788"
>     --
>     2.6.1
>
>     --
>     _______________________________________________
>     Openembedded-core mailing list
>     Openembedded-core@lists.openembedded.org
>     <mailto:Openembedded-core@lists.openembedded.org>
>     http://lists.openembedded.org/mailman/listinfo/openembedded-core
>
>


-- 
Regards,
Neil | Kai Kang