mozjs78/CVE-2022-25235.patch

From d4c2e1791d93c073308634aa15e5b11fd094c66d Mon Sep 17 00:00:00 2001
From: hartwork  <hartwork@gmail.com>
Date: Mon, 1 Jul 2024 10:21:06 +0800
Subject: [PATCH] CVE-2022-25235

---
 parser/expat/lib/xmltok.c      | 7 -------
 parser/expat/lib/xmltok_impl.c | 8 ++++++--
 2 files changed, 6 insertions(+), 9 deletions(-)

diff --git a/parser/expat/lib/xmltok.c b/parser/expat/lib/xmltok.c
index f01c2fa996..d0e7f7f163 100644
--- a/parser/expat/lib/xmltok.c
+++ b/parser/expat/lib/xmltok.c
@@ -65,13 +65,6 @@
                       + ((((byte)[2]) >> 5) & 1)] \
          & (1u << (((byte)[2]) & 0x1F)))
 
-#define UTF8_GET_NAMING(pages, p, n) \
-  ((n) == 2 \
-  ? UTF8_GET_NAMING2(pages, (const unsigned char *)(p)) \
-  : ((n) == 3 \
-     ? UTF8_GET_NAMING3(pages, (const unsigned char *)(p)) \
-     : 0))
-
 /* Detection of invalid UTF-8 sequences is based on Table 3.1B
    of Unicode 3.2: http://www.unicode.org/unicode/reports/tr28/
    with the additional restriction of not allowing the Unicode
diff --git a/parser/expat/lib/xmltok_impl.c b/parser/expat/lib/xmltok_impl.c
index 5f779c0571..3bc0d85b8d 100644
--- a/parser/expat/lib/xmltok_impl.c
+++ b/parser/expat/lib/xmltok_impl.c
@@ -34,7 +34,7 @@
    case BT_LEAD ## n: \
      if (end - ptr < n) \
        return XML_TOK_PARTIAL_CHAR; \
-     if (!IS_NAME_CHAR(enc, ptr, n)) { \
+     if (IS_INVALID_CHAR(enc, ptr, n) || ! IS_NAME_CHAR(enc, ptr, n)) { \
        *nextTokPtr = ptr; \
        return XML_TOK_INVALID; \
      } \
@@ -62,7 +62,7 @@
    case BT_LEAD ## n: \
      if (end - ptr < n) \
        return XML_TOK_PARTIAL_CHAR; \
-     if (!IS_NMSTRT_CHAR(enc, ptr, n)) { \
+     if (IS_INVALID_CHAR(enc, ptr, n) || ! IS_NMSTRT_CHAR(enc, ptr, n)) { \
        *nextTokPtr = ptr; \
        return XML_TOK_INVALID; \
      } \
@@ -1090,6 +1090,10 @@ PREFIX(prologTok)(const ENCODING *enc, const char *ptr, const char *end,
   case BT_LEAD ## n: \
     if (end - ptr < n) \
       return XML_TOK_PARTIAL_CHAR; \
+    if (IS_INVALID_CHAR(enc, ptr, n)) {                                        \
+      *nextTokPtr = ptr;                                                       \
+      return XML_TOK_INVALID;                                                  \
+    }                                                                          \
     if (IS_NMSTRT_CHAR(enc, ptr, n)) { \
       ptr += n; \
       tok = XML_TOK_NAME; \
-- 
2.33.0