libcroco parser: limit recursion in block and any productions (203d62ef) · Commits · Inkscape / inkscape · GitLab

The 17.0 major release is coming on May 16, 2024! This version brings many exciting improvements to GitLab, but also removes some deprecated features. We are introducing three breaking change windows during which we expect breaking changes to be deployed to GitLab.com. You can read more about it on our blogpost . The third breaking change window begins 2024-05-06 09:00 UTC and ends 2024-05-08 22:00 UTC.

Commit 203d62ef authored Aug 13, 2020 by

Michael Catanzaro Committed by Federico Mena Quintero Aug 13, 2020

libcroco parser: limit recursion in block and any productions

If we don't have any limits, we can recurse forever and overflow the
stack.

This is for CVE-2020-12825: Stack overflow in cr_parser_parse_any_core
in cr-parser.c.

Bug: https://gitlab.gnome.org/Archive/libcroco/-/issues/8
Patch from https://gitlab.gnome.org/Archive/libcroco/-/merge_requests/5

parent fd3c0846

Pipeline #177826456 passed with stages

in 46 minutes and 24 seconds

Hide whitespace changes

Inline Side-by-side

Wade Berrier @wberrier
mentioned in commit vivint-mirrors/meta-openembedded@fd3208ac7ea738e3177ad6d408e1d599b53fe7d7
· Mar 28, 2021

mentioned in commit vivint-mirrors/meta-openembedded@fd3208ac7ea738e3177ad6d408e1d599b53fe7d7

mentioned in commit vivint-mirrors/meta-openembedded@fd3208ac7ea738e3177ad6d408e1d599b53fe7d7

Toggle commit list
Nathan Lee @nathanal
mentioned in issue #2331 (closed)
· Apr 06, 2021

mentioned in issue #2331 (closed)

mentioned in issue #2331

Toggle commit list

Please register or to comment