## 551936_CVE_2009_2625.dpatch by Daniel Leidert (dale) <daniel.leidert@wgdd.de>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: A vulnarability allows remote attackers to cause a denial of service
## DP: infinite loop and application hang) via malformed XML input.
## DP:
## DP: <URL:http://bugs.debian.org/551936>
## DP: <URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2625>
## DP: <URL:http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmltok_impl.c?r1=1.15&r2=1.13>

diff -urNad lib/xmltok_impl.c lib/xmltok_impl.c
--- lib/xmltok_impl.c
+++ lib/xmltok_impl.c
@@ -1744,7 +1744,7 @@
                        const char *end,
                        POSITION *pos)
 {
-  while (ptr != end) {
+  while (ptr < end) {
     switch (BYTE_TYPE(enc, ptr)) {
 #define LEAD_CASE(n) \
     case BT_LEAD ## n: \