[CVE-2024-34459] Fix buffer overread with xmllint --htmlout

Add a missing bounds check. Fixes #720.
GNOME · May 13, 2024 · 3ad7f81 · 3ad7f81
1 parent c83147b
commit 3ad7f81
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/xmllint.c b/xmllint.c
@@ -543,7 +543,7 @@ xmlHTMLPrintFileContext(xmlParserInputPtr input) {
     len = strlen(buffer);
     snprintf(&buffer[len], sizeof(buffer) - len, "\n");
     cur = input->cur;
-    while ((*cur == '\n') || (*cur == '\r'))
+    while ((cur > base) && ((*cur == '\n') || (*cur == '\r')))
 	cur--;
     n = 0;
     while ((cur != base) && (n++ < 80)) {