
libxml2-2.6.26-2.1.12.el5_7.2.src.rpm

--- parser.c.orig	2009-08-03 15:33:12.000000000 +0200
+++ parser.c	2009-08-03 15:36:26.000000000 +0200
@@ -4778,10 +4779,14 @@ xmlParseNotationType(xmlParserCtxtPtr ct
 	if (name == NULL) {
 	    xmlFatalErrMsg(ctxt, XML_ERR_NAME_REQUIRED,
 			   "Name expected in NOTATION declaration\n");
-	    return(ret);
+            xmlFreeEnumeration(ret);
+	    return(NULL);
 	}
 	cur = xmlCreateEnumeration(name);
-	if (cur == NULL) return(ret);
+	if (cur == NULL) {
+            xmlFreeEnumeration(ret);
+            return(NULL);
+        }
 	if (last == NULL) ret = last = cur;
 	else {
 	    last->next = cur;
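Review bot: The header comment of xmlParseNotationType needs updating for the new failure contract. With the added `xmlFreeEnumeration(ret); return(NULL);` on the missing-name and allocation-failure exits here, and on the unterminated-list exit in the following hunk, the function no longer hands back a partially built list. The header comment lies outside this hunk, so its current wording is not visible; I would make the Returns line read `Returns: the notation attribute tree built while parsing, or NULL on any error (nodes built so far are freed)`, so callers know they never receive, and must never free, a partial result. As a style point, the added lines are indented with spaces while the surrounding context lines use tabs.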
@@ -4791,9 +4796,8 @@ xmlParseNotationType(xmlParserCtxtPtr ct
     } while (RAW == '|');
     if (RAW != ')') {
 	xmlFatalErr(ctxt, XML_ERR_NOTATION_NOT_FINISHED, NULL);
-	if ((last != NULL) && (last != ret))
-	    xmlFreeEnumeration(last);
-	return(ret);
+        xmlFreeEnumeration(ret);
+	return(NULL);
     }
     NEXT;
     return(ret);
@@ -4834,7 +4838,10 @@ xmlParseEnumerationType(xmlParserCtxtPtr
 	}
 	cur = xmlCreateEnumeration(name);
 	xmlFree(name);
-	if (cur == NULL) return(ret);
+	if (cur == NULL) {
+            xmlFreeEnumeration(ret);
+            return(NULL);
+        }
 	if (last == NULL) ret = last = cur;
 	else {
 	    last->next = cur;
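Review bot: Only the `cur == NULL` exit of xmlParseEnumerationType is converted to free-and-return-NULL in this hunk, whereas xmlParseNotationType gets that treatment on all three of its error exits in the two earlier hunks. The other error returns of this function are outside the hunk; if any of them still does `return(ret);`, the function has two failure contracts, a partial list on some errors and NULL on others. That should either be made uniform with `xmlFreeEnumeration(ret); return(NULL);` or be stated in the header comment, because a caller cannot otherwise tell whether it owns anything after an error.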
@@ -5232,6 +5239,12 @@ xmlParseElementChildrenContentDecl (xmlP
     const xmlChar *elem;
     xmlChar type = 0;
 
+    if (ctxt->depth > 128) {
+        xmlFatalErrMsgInt(ctxt, XML_ERR_ELEMCONTENT_NOT_FINISHED,
+                "xmlParseElementChildrenContentDecl : depth %d too deep\n",
+                          ctxt->depth);
+	return(NULL);
+    }
     SKIP_BLANKS;
     GROW;
     if (RAW == '(') {
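Review bot: The nesting limit in `if (ctxt->depth > 128)` is a bare literal, and the rejection is reported under XML_ERR_ELEMCONTENT_NOT_FINISHED, whose name describes an unterminated content declaration rather than a resource limit. Someone triaging parser errors can then tell a recursion guard tripping on pathological input from an ordinary syntax error only by matching the message text. I would name the limit, for example `#define XML_MAX_ELEMCONTENT_DEPTH 128` (a name proposed here, not one taken from the tree), and put a comment above the check such as `/* bound recursion on nested content models to protect the stack */`. The rest of the function is outside this hunk.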
@@ -5240,7 +5253,9 @@ xmlParseElementChildrenContentDecl (xmlP
         /* Recurse on first child */
 	NEXT;
 	SKIP_BLANKS;
+        ctxt->depth++;
         cur = ret = xmlParseElementChildrenContentDecl(ctxt, inputid);
+        ctxt->depth--;
 	SKIP_BLANKS;
 	GROW;
     } else {
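Review bot: The `ctxt->depth++;` / `ctxt->depth--;` pair around the recursive call keeps the nesting count in a field of the parser context rather than in a value local to this recursion; the same pair wraps the second-child call in the next hunk. If other code also counts in ctxt->depth, which these hunks do not show, the 128 budget is shared with it and the depth at which a declaration is rejected depends on where in the parse it is read. A comment at the increment, such as `/* ctxt->depth counts content-model nesting here; limit checked at function entry */`, would record the intent, and a dedicated depth argument would remove the coupling. The result of the recursive call is used without a NULL check in the visible lines, so handling of a depth-limit rejection has to be confirmed in the part of the function outside this hunk.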
@@ -5370,7 +5385,9 @@ xmlParseElementChildrenContentDecl (xmlP
 	    /* Recurse on second child */
 	    NEXT;
 	    SKIP_BLANKS;
+            ctxt->depth++;
 	    last = xmlParseElementChildrenContentDecl(ctxt, inputid);
+            ctxt->depth--;
 	    SKIP_BLANKS;
 	} else {
 	    elem = xmlParseName(ctxt);