Cherry-pick patch from upstream to fix CVE-2021-42521. Closes: #1031877.
author Michael R. Crusoe <crusoe@debian.org>
Mon, 29 Apr 2024 14:12:11 +0000 (16:12 +0200)
committer Michael R. Crusoe <crusoe@debian.org>
Mon, 29 Apr 2024 14:12:11 +0000 (16:12 +0200)
debian/changelog
debian/patches/08_CVE-2021-42521.patch [new file with mode: 0644]
debian/patches/series

index ae85d2b3174ed04fe94dea1c671b9fbd741b5f72..a92bddabc942336854ea3fb382caa11ae1272e46 100644 (file)
@@ -10,6 +10,8 @@ vtk9 (9.1.0+really9.1.0+dfsg2-8) UNRELEASED; urgency=medium
     appended data. Closes: #1064762
   * d/control: build-dep on libhdf5-mpi-dev instead of libhdf5-openmpi-
     dev. Closes: #1068321
+  * Cherry-pick patch from upstream to fix CVE-2021-42521. Closes:
+    #1031877.
 
  -- Bo YU <tsu.yubo@gmail.com>  Tue, 24 Oct 2023 14:35:29 +0800
 
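Review bot: The new changelog bullet does not name the file that carries the fix, unlike the bullet just above it, which uses the `d/control:` prefix. Consider wording it along the lines of `d/patches/08_CVE-2021-42521.patch: cherry-pick from upstream to fix CVE-2021-42521`, so a reader of the changelog can find the patch directly. The stanza is still UNRELEASED and its visible trailer carries Bo YU's name and a 24 Oct 2023 date, so the trailer will need refreshing when the upload is finalized.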
diff --git a/debian/patches/08_CVE-2021-42521.patch b/debian/patches/08_CVE-2021-42521.patch
new file mode 100644 (file)
index 0000000..752307d
--- /dev/null
@@ -0,0 +1,34 @@
+From: Cory Quammen <cory.quammen@kitware.com>
+Date: Thu, 29 Sep 2022 13:10:00 -0400
+Subject: vtkXMLTreeReader: protect against possible nullptr dereference
+Origin: upstream,https://gitlab.kitware.com/vtk/vtk/-/commit/72119ea71422d2892f2a0475fc282835310f8d9e
+Forwarded: not-needed
+Bug-Debian: https://bugs.debian.org/1031877
+
+Vulnerability reported at
+https://nvd.nist.gov/vuln/detail/CVE-2021-42521.
+
+---
+ IO/Infovis/vtkXMLTreeReader.cxx | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/IO/Infovis/vtkXMLTreeReader.cxx b/IO/Infovis/vtkXMLTreeReader.cxx
+index 64abca37e96..af64572b27f 100644
+--- a/IO/Infovis/vtkXMLTreeReader.cxx
++++ b/IO/Infovis/vtkXMLTreeReader.cxx
+@@ -217,6 +217,12 @@ int vtkXMLTreeReader::RequestData(
+   // Get the root element node
+   xmlNode* rootElement = xmlDocGetRootElement(doc);
++  if (!rootElement)
++  {
++    vtkErrorMacro(<< "Could not get root element of document.");
++    return 0;
++  }
++
+   vtkXMLTreeReaderProcessElement(builder, -1, rootElement, this->ReadCharData, this->MaskArrays);
+   xmlFreeDoc(doc);
+-- 
+GitLab
+
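Review bot: The early `return 0;` inside the new `if (!rootElement)` block skips the `xmlFreeDoc(doc);` call that the normal path reaches after `vtkXMLTreeReaderProcessElement(...)`, so as far as these lines show, the parsed document is not released on the error path. The null check itself closes the dereference, but adding `xmlFreeDoc(doc);` before the `return 0;` would avoid leaking the document each time a file without a root element is read. Since this is a verbatim upstream cherry-pick, the cleanest route is to raise it upstream and keep the Debian patch identical to the referenced commit until then.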
index 38351cd2a6b695f9411e65a86e9f9b5b1ea50920..bffbb6ef494c3dccbf2e9ee752964db5248b97e7 100644 (file)
@@ -1,3 +1,4 @@
+08_CVE-2021-42521.patch
 09_newer_expat.patch
 gcc-13.patch
 10_matplotlib.patch