Package: xmlstarlet
Version: 1.6.1-1
Severity: normal
Tags: patch

Dear Maintainer,

echo '&quot;' | xmlstarlet unesc fails with "entity name too long". This is caused by an off-by-one error in xml_escape.c.

-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.7.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages xmlstarlet depends on:
ii  libc6       2.24-2
ii  libxml2     2.9.4+dfsg1-1+b1
ii  libxslt1.1  1.1.29-1

xmlstarlet recommends no packages.

xmlstarlet suggests no packages.

-- no debconf information

40-use-debian-docbook-xsl.patch
50-fix-format-security.patch
60-avoid-silent-rules.patch
70-fix-unesc-dquot.patch

Description: unesc fails to handle " and ' correctly because it thinks they are too long. Author: Norbert Kiesel <n...@iname.com> Last-Update: 2016-09-08 --- a/src/xml_escape.c +++ b/src/xml_escape.c @@ -222,7 +222,7 @@ semicolon_off++; } entity_len = semicolon_off - i; - if (entity_len < MAX_ENTITY_NAME) { + if (entity_len <= MAX_ENTITY_NAME) { memcpy(entity, &str[i], entity_len); entity[entity_len] = '\0'; if (str[semicolon_off] == ';') {
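
Review bot: in the changed condition, entity_len may now equal MAX_ENTITY_NAME, so the terminator write two lines later, entity[entity_len] = '\0', lands on index MAX_ENTITY_NAME. That is only in bounds if entity is declared with at least MAX_ENTITY_NAME + 1 bytes, and the declaration is not part of this hunk. Please confirm the buffer size in the patch description, or include the declaration in the context, so it is clear the relaxed check does not turn the off-by-one rejection into a one-byte write past the buffer. A regression test feeding the longest supported entity names through unesc would also pin the boundary down.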