From d0c3f01e110d54415611c5fa0040cdf4a56053f9 Mon Sep 17 00:00:00 2001
From: Nick Wellnhofer
Date: Sat May 6 17:47:37 2023 +0200
Subject: [PATCH 1/2] parser: Fix old SAX1 parser with custom callbacks

For some reason, xmlCtxtUseOptionsInternal set the start and end element SAX handlers to the internal DOM builder functions when XML_PARSE_SAX1 was specified. This means that custom SAX handlers could never work with that flag because these functions would receive the wrong user data argument and crash immediately.

Fixes #535.

CVE: CVE-2023-39615
Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/d0c3f01e110d54415611c5fa0040cdf4a56053f9]
Signed-off-by: Soumya Sambu
---
 parser.c | 2 --
 1 file changed, 2 deletions(-)

diff --git a/parser.c b/parser.c
index 0f76577..b781c80 100644
--- a/parser.c
+++ b/parser.c
@@ -15069,8 +15069,6 @@ xmlCtxtUseOptionsInternal(xmlParserCtxtPtr ctxt, int options, const char *encodi
 }
 #ifdef LIBXML_SAX1_ENABLED
 if (options & XML_PARSE_SAX1) {
- ctxt->sax->startElement = xmlSAX2StartElement;
- ctxt->sax->endElement = xmlSAX2EndElement;
 ctxt->sax->startElementNs = NULL;
 ctxt->sax->endElementNs = NULL;
 ctxt->sax->initialized = 1;
--
2.40.0