From 22516e1af73b96db98a7e92e637db4cd21108c59 Mon Sep 17 00:00:00 2001
From: "cevans@chromium.org"
 <cevans@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>
Date: Tue, 13 Sep 2011 08:24:32 +0000
Subject: Desist libxml from continuing the parse after a SAX callback has
 stopped the parse.

BUG=95465
TEST=covered by existing tests under ASAN
Review URL: http://codereview.chromium.org/7875008

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@100883 0039d316-1c4b-4281-b951-d872f2087c98
---
 third_party/libxml/README.chromium |  3 ++-
 third_party/libxml/src/parser.c    | 14 +++++++++++---
 2 files changed, 13 insertions(+), 4 deletions(-)


diff --git a/third_party/libxml/README.chromium b/third_party/libxml/README.chromium
index 970b287..83e4a2c 100644
--- a/third_party/libxml/README.chromium
+++ b/third_party/libxml/README.chromium
@@ -16,8 +16,9 @@ Modifications:
 - Import follow-on for above commit: http://git.gnome.org/browse/libxml2/commit/?id=ea90b894146030c214a7df6d8375310174f134b9
 - Import additional XPath fix http://git.gnome.org/browse/libxml2/commit/?id=df83c17e5a2646bd923f75e5e507bc80d73c9722
 - Import follow-on fix for above commit: http://git.gnome.org/browse/libxml2/commit/?id=fec31bcd452e77c10579467ca87a785b41115de6
-- And a follow-on fix to the previous two fixes, commit upstream is pending.
+- And a follow-on fix to the previous two fixes, committed upstream: http://git.gnome.org/browse/libxml2/commit/?id=f5048b3e71fc30ad096970b8df6e7af073bae4cb (slightly differently, but we can drop our local fix on the next roll).
 - Add a fix for handling of unknown namespaces, commit upstream is pending.
+- Add fixes for ending the parse properly if a SAX callback calls xmlStopParser(), commit upstream is pending.
 
 To import a new snapshot of libxml:
 
diff --git a/third_party/libxml/src/parser.c b/third_party/libxml/src/parser.c
index 3ba2a06..a82fcd1 100644
--- a/third_party/libxml/src/parser.c
+++ b/third_party/libxml/src/parser.c
@@ -4827,7 +4827,8 @@ xmlParsePI(xmlParserCtxtPtr ctxt) {
 		    (ctxt->sax->processingInstruction != NULL))
 		    ctxt->sax->processingInstruction(ctxt->userData,
 		                                     target, NULL);
-		ctxt->instate = state;
+		if (ctxt->instate != XML_PARSER_EOF)
+		    ctxt->instate = state;
 		return;
 	    }
 	    buf = (xmlChar *) xmlMallocAtomic(size * sizeof(xmlChar));
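Review bot: The new `if (ctxt->instate != XML_PARSER_EOF)` guard before `ctxt->instate = state;` has no comment saying why the saved state must not be restored, and the same bare guard is repeated at the end of xmlParsePI in the next hunk. A reader who does not know that the `processingInstruction` SAX callback can call xmlStopParser() will see a redundant check and may remove it on the next libxml roll. I would add `/* A SAX callback may have called xmlStopParser(); do not resurrect the parser by restoring the saved state. */` above both guards. Any other routine that saves and restores `instate` around a SAX callback would need the same guard; none is visible in this patch, so that is worth checking against the full file.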
@@ -4907,7 +4908,8 @@ xmlParsePI(xmlParserCtxtPtr ctxt) {
 	} else {
 	    xmlFatalErr(ctxt, XML_ERR_PI_NOT_STARTED, NULL);
 	}
-	ctxt->instate = state;
+	if (ctxt->instate != XML_PARSER_EOF)
+	    ctxt->instate = state;
     }
 }
 
@@ -9466,6 +9468,8 @@ xmlParseElement(xmlParserCtxtPtr ctxt) {
     else
 	name = xmlParseStartTag(ctxt);
 #endif /* LIBXML_SAX1_ENABLED */
+    if (ctxt->instate == XML_PARSER_EOF)
+	return;
     if (name == NULL) {
 	spacePop(ctxt);
         return;
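Review bot: The early `return` added after the start-tag parse in xmlParseElement exits before the `spacePop(ctxt)` that the `name == NULL` branch just below performs. Whatever was pushed earlier in the function (outside this hunk) therefore stays on the space stack once the parser has been stopped, and a non-NULL `name` is dropped without being used. This is presumably intentional because no further parsing should happen after XML_PARSER_EOF, but it should be stated, e.g. `/* Stopped from a SAX callback: bail out without unwinding the name/space stacks. */`. It is also worth confirming that no caller of xmlParseElement relies on those stacks being balanced on return.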
@@ -10845,6 +10849,8 @@ xmlParseTryOrFinish(xmlParserCtxtPtr ctxt, int terminate) {
 		else
 		    name = xmlParseStartTag(ctxt);
 #endif /* LIBXML_SAX1_ENABLED */
+		if (ctxt->instate == XML_PARSER_EOF)
+		    return;
 		if (name == NULL) {
 		    spacePop(ctxt);
 		    ctxt->instate = XML_PARSER_EOF;
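Review bot: The added `return;` in xmlParseTryOrFinish carries no value, and the hunk header does not show the function's return type. If it returns `int`, as I believe upstream libxml2 declares it, a caller that reads the result gets an indeterminate value on this path and the compiler will warn. This exit also skips whatever common exit code the function has, which lies outside the hunk. I would use `goto done;` if the function has a shared exit label as upstream does, or otherwise return the function's usual result variable explicitly.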
@@ -11031,7 +11037,9 @@ xmlParseTryOrFinish(xmlParserCtxtPtr ctxt, int terminate) {
 		  else
 		    xmlParseEndTag1(ctxt, 0);
 #endif /* LIBXML_SAX1_ENABLED */
-		if (ctxt->nameNr == 0) {
+		if (ctxt->instate == XML_PARSER_EOF) {
+		    /* Nothing */
+		} else if (ctxt->nameNr == 0) {
 		    ctxt->instate = XML_PARSER_EPILOG;
 		} else {
 		    ctxt->instate = XML_PARSER_CONTENT;
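Review bot: The empty branch `if (ctxt->instate == XML_PARSER_EOF) { /* Nothing */ }` is easy to misread as leftover code, and the comment does not say why doing nothing is correct. Either expand the comment to `/* Parser was stopped by a SAX callback during the end tag; keep XML_PARSER_EOF. */` or invert the test so the intent is carried by the condition: `if (ctxt->instate != XML_PARSER_EOF) { ... }` around the existing `nameNr` check. The rest of this case in xmlParseTryOrFinish continues outside the hunk, so I cannot tell whether the code after the `if` chain is also safe to run in the EOF state.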
-- 
cgit v1.1