[CVE-2024-34459] Fix buffer overread with xmllint --htmlout

nwellnhof · nwellnhof · commit 2876ac5392a4 · 2024-05-13T11:32:02.000+02:00
Add a missing bounds check.
diff --git a/xmllint.c b/xmllint.c
@@ -560,7 +560,7 @@ xmlHTMLPrintFileContext(xmlParserInputPtr input) {
     len = strlen(buffer);
     snprintf(&buffer[len], sizeof(buffer) - len, "\n");
     cur = input->cur;
-    while ((*cur == '\n') || (*cur == '\r'))
+    while ((cur > base) && ((*cur == '\n') || (*cur == '\r')))
 	cur--;
     n = 0;
     while ((cur != base) && (n++ < 80)) {
