[Bug 286439] textproc/libxml2 local port patch causes random x11/mate-terminal build failures
Date: Wed, 21 May 2025 06:12:01 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=286439
--- Comment #1 from Don Lewis <truckman@FreeBSD.org> ---
This is the patched version of python/libxml.c:

static void
libxml_xmlErrorFuncHandler(ATTRIBUTE_UNUSED void *ctx, const char *msg,
                           ...)
{
    va_list ap;
    PyObject *list;
    PyObject *message;
    PyObject *result;
    char str[1000];
    unsigned char *ptr = (unsigned char *)str;

#ifdef DEBUG_ERROR
    printf("libxml_xmlErrorFuncHandler(%p, %s, ...) called\n", ctx, msg);
#endif

#if PY_MAJOR_VERSION >= 3
    /* Ensure the error string doesn't start at UTF8 continuation. */
    while (*ptr && (*ptr & 0xc0) == 0x80)
        ptr++;
#endif

The problem is that at this point, buf[] is still uninitialized and just
contains stack garbage. If it doesn't contain any NUL bytes, the loop can
walk ptr off the end of the array. Even if this doesn't happen, when ptr is
used later, it will have a nonsense value.
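
An added example, not part of the bug report and not libxml2 code: one way to order the operations so the continuation-byte skip only reads initialized bytes. It assumes the handler goes on to format msg into str with vsnprintf (not shown in the report); format_then_skip, demo_skip and demo_bounded are hypothetical names, and the sample inputs are constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: format into buf FIRST, then return a pointer past
 * any leading UTF-8 continuation bytes (10xxxxxx). The scan is bounded by
 * the formatted length, so it never depends on leftover stack contents. */
static const char *
format_then_skip(char *buf, size_t size, const char *msg, ...)
{
    va_list ap;
    int n;
    size_t len, i = 0;

    if (size == 0)
        return NULL;
    buf[0] = '\0';          /* defined contents even if formatting fails */

    va_start(ap, msg);
    n = vsnprintf(buf, size, msg, ap);
    va_end(ap);
    if (n < 0) {
        buf[0] = '\0';
        return buf;
    }
    /* vsnprintf returns the untruncated length; clamp to what was stored. */
    len = ((size_t)n >= size) ? size - 1 : (size_t)n;
    buf[len] = '\0';

    while (i < len && ((unsigned char)buf[i] & 0xc0) == 0x80)
        i++;
    return buf + i;
}

/* Constructed sample: message that starts with two stray continuation bytes. */
static const char *demo_skip(void)
{
    static char str[1000];
    return format_then_skip(str, sizeof(str), "%s", "\x80\xbfparser error");
}

/* Constructed sample: small buffer pre-filled with non-NUL continuation
 * bytes, and a truncated message made only of continuation bytes. */
static size_t demo_bounded(void)
{
    static char small[4];
    memset(small, 0x80, sizeof(small));
    return strlen(format_then_skip(small, sizeof(small), "%s",
                                   "\x80\x80\x80\x80\x80"));
}
```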