e57cb8baa2
- fix CVE-2009-1725 - crash, possible ACE in numeric character references - fix CVE-2009-1690 - crash, possible ACE in KHTML (<head> use-after-free) - fix CVE-2009-1687 - possible ACE in KJS (FIXME: still crashes?) - fix CVE-2009-1698 - crash, possible ACE in CSS style attribute handling
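--- a/khtml/html/htmltokenizer.cpp
+++ b/khtml/html/htmltokenizer.cpp
@@ -736,7 +736,7 @@
 #ifdef TOKEN_DEBUG
 kdDebug( 6036 ) << "unknown entity!" << endl;
 #endif
- checkBuffer(10);
+ checkBuffer(11);
 // ignore the sequence, add it to the buffer as plaintext
 *dest++ = '&';
 for(unsigned int i = 0; i < cBufferPos; i++)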
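Review bot: The reservation `checkBuffer(11)` is a bare literal whose correctness depends on the largest value `cBufferPos` can reach at this point, and nothing in the hunk states that bound. The writes that follow are one `'&'` plus `cBufferPos` characters copied by the loop, so sizing the request from the count itself, `checkBuffer(cBufferPos + 1);`, would stay correct if the entity buffer limit ever changes. If the literal is kept, a comment such as `// 1 for '&' + at most 10 buffered entity chars` should record the derivation, assuming 10 is the cap, which is set outside this hunk. The loop body and whatever is written after it are also outside the hunk, so it is worth confirming that nothing else is appended to `dest` before the next `checkBuffer` call.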