From 0b2791b56f658b6ec6ca7377dbcd2b72e6a78193 Mon Sep 17 00:00:00 2001 From: wolfbeast Date: Wed, 23 Oct 2019 10:32:13 +0200 Subject: Issue #1255 - Port upstream fix from libexpat --- parser/expat/lib/xmlparse.c | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) (limited to 'parser') diff --git a/parser/expat/lib/xmlparse.c b/parser/expat/lib/xmlparse.c index 93a817764..6ab140c89 100644 --- a/parser/expat/lib/xmlparse.c +++ b/parser/expat/lib/xmlparse.c @@ -335,7 +335,7 @@ initializeEncoding(XML_Parser parser); static enum XML_Error doProlog(XML_Parser parser, const ENCODING *enc, const char *s, const char *end, int tok, const char *next, const char **nextPtr, - XML_Bool haveMore); + XML_Bool haveMore, XML_Bool allowClosingDoctype); static enum XML_Error processInternalEntity(XML_Parser parser, ENTITY *entity, XML_Bool betweenDecl); @@ -3760,7 +3760,7 @@ externalParEntProcessor(XML_Parser parser, processor = prologProcessor; return doProlog(parser, encoding, s, end, tok, next, - nextPtr, (XML_Bool)!ps_finalBuffer); + nextPtr, (XML_Bool)!ps_finalBuffer, XML_TRUE); } static enum XML_Error PTRCALL @@ -3810,7 +3810,7 @@ prologProcessor(XML_Parser parser, const char *next = s; int tok = XmlPrologTok(encoding, s, end, &next); return doProlog(parser, encoding, s, end, tok, next, - nextPtr, (XML_Bool)!ps_finalBuffer); + nextPtr, (XML_Bool)!ps_finalBuffer, XML_TRUE); } static enum XML_Error @@ -3821,7 +3821,8 @@ doProlog(XML_Parser parser, int tok, const char *next, const char **nextPtr, - XML_Bool haveMore) + XML_Bool haveMore, + XML_Bool allowClosingDoctype) { #ifdef XML_DTD static const XML_Char externalSubsetName[] = { '#' , '\0' }; @@ -3987,6 +3988,11 @@ doProlog(XML_Parser parser, } break; case XML_ROLE_DOCTYPE_CLOSE: + if (allowClosingDoctype != XML_TRUE) { + /* Must not close doctype from within expanded parameter entities */ + return XML_ERROR_INVALID_TOKEN; + } + if (doctypeName) { startDoctypeDeclHandler(handlerArg, doctypeName, doctypeSysid, doctypePubid, 0); @@ -4892,7 +4898,7 @@ processInternalEntity(XML_Parser parser, ENTITY *entity, if (entity->is_param) { int tok = XmlPrologTok(internalEncoding, textStart, textEnd, &next); result = doProlog(parser, internalEncoding, textStart, textEnd, tok, - next, &next, XML_FALSE); + next, &next, XML_FALSE, XML_FALSE); } else #endif /* XML_DTD */ @@ -4959,7 +4965,7 @@ internalEntityProcessor(XML_Parser parser, if (entity->is_param) { int tok = XmlPrologTok(internalEncoding, textStart, textEnd, &next); result = doProlog(parser, internalEncoding, textStart, textEnd, tok, - next, &next, XML_FALSE); + next, &next, XML_FALSE, XML_TRUE); } else #endif /* XML_DTD */ @@ -4986,7 +4992,7 @@ internalEntityProcessor(XML_Parser parser, processor = prologProcessor; tok = XmlPrologTok(encoding, s, end, &next); return doProlog(parser, encoding, s, end, tok, next, nextPtr, - (XML_Bool)!ps_finalBuffer); + (XML_Bool)!ps_finalBuffer, XML_TRUE); } else #endif /* XML_DTD */ -- cgit v1.2.3 From 250875046a10ea5ca64d787a7870b1a3aba7aa3d Mon Sep 17 00:00:00 2001 From: Henri Sivonen Date: Thu, 24 Oct 2019 11:43:25 +0200 Subject: Adjust tokenization of U+0000 --- parser/html/nsHtml5Tokenizer.cpp | 15 ++------------- 1 file changed, 2 insertions(+), 13 deletions(-) (limited to 'parser') diff --git a/parser/html/nsHtml5Tokenizer.cpp b/parser/html/nsHtml5Tokenizer.cpp index 4c815b0c0..5464d211d 100644 --- a/parser/html/nsHtml5Tokenizer.cpp +++ b/parser/html/nsHtml5Tokenizer.cpp @@ -1054,9 +1054,6 @@ nsHtml5Tokenizer::stateLoop(int32_t state, char16_t c, int32_t pos, char16_t* bu } c = checkChar(buf, pos); switch(c) { - case '\0': { - NS_HTML5_BREAK(stateloop); - } case '-': { clearStrBufAfterOneHyphen(); state = P::transition(mViewSource, NS_HTML5TOKENIZER_COMMENT_START, reconsume, pos); @@ -1461,9 +1458,6 @@ nsHtml5Tokenizer::stateLoop(int32_t state, char16_t c, int32_t pos, char16_t* bu NS_HTML5_BREAK(stateloop); } c = checkChar(buf, pos); - if (c == '\0') { - NS_HTML5_BREAK(stateloop); - } switch(c) { case ' ': case '\t': @@ -1471,7 +1465,8 @@ nsHtml5Tokenizer::stateLoop(int32_t state, char16_t c, int32_t pos, char16_t* bu case '\r': case '\f': case '<': - case '&': { + case '&': + case '\0': { emitOrAppendCharRefBuf(returnState); if (!(returnState & NS_HTML5TOKENIZER_DATA_AND_RCDATA_MASK)) { cstart = pos; @@ -1519,9 +1514,6 @@ nsHtml5Tokenizer::stateLoop(int32_t state, char16_t c, int32_t pos, char16_t* bu NS_HTML5_BREAK(stateloop); } c = checkChar(buf, pos); - if (c == '\0') { - NS_HTML5_BREAK(stateloop); - } int32_t hilo = 0; if (c <= 'z') { const int32_t* row = nsHtml5NamedCharactersAccel::HILO_ACCEL[c]; @@ -1556,9 +1548,6 @@ nsHtml5Tokenizer::stateLoop(int32_t state, char16_t c, int32_t pos, char16_t* bu NS_HTML5_BREAK(stateloop); } c = checkChar(buf, pos); - if (c == '\0') { - NS_HTML5_BREAK(stateloop); - } entCol++; for (; ; ) { if (hi < lo) { -- cgit v1.2.3