commit c84ad1507fa42c25937af06e349c8f2f9bc34c11
Author: Tomas Korbar
Date: Fri Nov 8 11:18:42 2024 +0100
Fix CVE-2024-50602
See https://github.com/libexpat/libexpat/pull/915
diff --git a/expat/lib/expat.h b/expat/lib/expat.h
index afe12c5..157953c 100644
--- a/expat/lib/expat.h
+++ b/expat/lib/expat.h
@@ -124,7 +124,9 @@ enum XML_Error {
XML_ERROR_RESERVED_PREFIX_XMLNS,
XML_ERROR_RESERVED_NAMESPACE_URI,
/* Added in 2.2.1. */
- XML_ERROR_INVALID_ARGUMENT
+ XML_ERROR_INVALID_ARGUMENT,
+ /* Added in 2.6.4. */
+ XML_ERROR_NOT_STARTED
};

enum XML_Content_Type {
diff --git a/expat/lib/xmlparse.c b/expat/lib/xmlparse.c
index 698e907..ed079a5 100644
--- a/expat/lib/xmlparse.c
+++ b/expat/lib/xmlparse.c
@@ -2170,6 +2170,9 @@ XML_StopParser(XML_Parser parser, XML_Bool resumable)
if (parser == NULL)
return XML_STATUS_ERROR;
switch (parser->m_parsingStatus.parsing) {
+ case XML_INITIALIZED:
+ parser->m_errorCode = XML_ERROR_NOT_STARTED;
+ return XML_STATUS_ERROR;
case XML_SUSPENDED:
if (resumable) {
parser->m_errorCode = XML_ERROR_SUSPENDED;
@@ -2180,7 +2183,7 @@ XML_StopParser(XML_Parser parser, XML_Bool resumable)
case XML_FINISHED:
parser->m_errorCode = XML_ERROR_FINISHED;
return XML_STATUS_ERROR;
- default:
+ case XML_PARSING:
if (resumable) {
#ifdef XML_DTD
if (parser->m_isParamEntity) {
@@ -2192,6 +2195,9 @@ XML_StopParser(XML_Parser parser, XML_Bool resumable)
} else parser->m_parsingStatus.parsing = XML_FINISHED;
+ break;
+ default:
+ assert(0);
}
return XML_STATUS_OK;
}
@@ -2456,6 +2462,9 @@ XML_ErrorString(enum XML_Error code)
/* Added in 2.2.5. */
case XML_ERROR_INVALID_ARGUMENT: /* Constant added in 2.2.1, already */
return XML_L("invalid argument");
+ /* Added in 2.6.4. */
+ case XML_ERROR_NOT_STARTED:
+ return XML_L("parser not started");
}
return NULL;
}
diff --git a/expat/tests/runtests.c b/expat/tests/runtests.c
index 6a3e09a..7b6d9fb 100644
--- a/expat/tests/runtests.c
+++ b/expat/tests/runtests.c
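Review bot: XML_ERROR_NOT_STARTED is appended after XML_ERROR_INVALID_ARGUMENT, so every existing enumerator keeps its numeric value and binaries built against the older header still agree with the library, which is the right placement for a public, ABI-visible enum. What the hunk does not cover is the API documentation: the comment block describing XML_StopParser in this header lies outside the hunk and, as far as I can tell, still only describes the suspended/finished outcomes. It should name the new one so callers know to expect it, e.g. `Calling XML_StopParser on a parser that has not been started yet fails with XML_ERROR_NOT_STARTED; it does not change the parser's state.` Same applies to the reference manual if it lists the error codes per function.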
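Review bot: The new `default: assert(0);` in the third xmlparse.c hunk is a no-op when the library is built with NDEBUG, so an unexpected m_parsingStatus.parsing value would fall out of the switch into `return XML_STATUS_OK;` with m_errorCode untouched, reporting a stop that never took effect. A release-safe form keeps the assert and fails closed: `default:` / `assert(0);` / `return XML_STATUS_ERROR;`. Since the switch now names every parsing state explicitly instead of relying on default, a future enumerator is also caught at compile time by -Wswitch, which is a stronger guard than the runtime assert alone. If xmlparse.c does not already include <assert.h>, this hunk needs that include. The XML_INITIALIZED case in the first xmlparse.c hunk is the actual fix for the crash and reports XML_ERROR_NOT_STARTED before any parser state is modified, which is what the test in runtests.c checks.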
@@ -9162,6 +9162,28 @@ START_TEST(test_misc_utf16le)
END_TEST

+START_TEST(test_misc_resumeparser_not_crashing) {
+ XML_Parser parser = XML_ParserCreate(NULL);
+ XML_GetBuffer(parser, 1);
+ XML_StopParser(parser, /*resumable=*/XML_TRUE);
+ XML_ResumeParser(parser); // could crash here, previously
+ XML_ParserFree(parser);
+}
+END_TEST
+
+START_TEST(test_misc_stopparser_rejects_unstarted_parser) {
+ const XML_Bool cases[] = {XML_TRUE, XML_FALSE};
+ for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++) {
+ const XML_Bool resumable = cases[i];
+ XML_Parser parser = XML_ParserCreate(NULL);
+ assert_true(XML_GetErrorCode(parser) == XML_ERROR_NONE);
+ assert_true(XML_StopParser(parser, resumable) == XML_STATUS_ERROR);
+ assert_true(XML_GetErrorCode(parser) == XML_ERROR_NOT_STARTED);
+ XML_ParserFree(parser);
+ }
+}
+END_TEST
+
static void alloc_setup(void) {
@@ -13325,6 +13347,8 @@ make_suite(void)
tcase_add_test(tc_misc, test_misc_deny_internal_entity_closing_doctype_issue_317);
#endif
+ tcase_add_test(tc_misc, test_misc_resumeparser_not_crashing);
+ tcase_add_test(tc_misc, test_misc_stopparser_rejects_unstarted_parser);
suite_add_tcase(s, tc_alloc);
tcase_add_checked_fixture(tc_alloc, alloc_setup, alloc_teardown);
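Review bot: test_misc_resumeparser_not_crashing discards the results of XML_StopParser and XML_ResumeParser, so a regression that let the stop call succeed on an unstarted parser would still pass as long as the resume does not crash. Asserting the outcomes pins the fix rather than just the absence of a crash: `assert_true(XML_StopParser(parser, /*resumable=*/XML_TRUE) == XML_STATUS_ERROR);` and `assert_true(XML_ResumeParser(parser) == XML_STATUS_ERROR);`, with the error code after the resume presumably XML_ERROR_NOT_SUSPENDED, to be confirmed against XML_ResumeParser. Both new tests also use the parser without checking that XML_ParserCreate returned non-NULL; an `assert_true(parser != NULL);` after each create keeps an allocation failure from turning into a silent pass, since the library's own NULL-parser guards (visible in the XML_StopParser hunk) would make every call return an error without exercising the fixed path. The second hunk only registers the tests and needs nothing.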