diff options
author | David Kilzer <ddkilzer@apple.com> | 2016-01-26 16:57:03 -0800 |
---|---|---|
committer | Daniel Veillard <veillard@redhat.com> | 2016-05-23 15:01:07 +0800 |
commit | 00906759053986b8079985644172085f74331f83 (patch) | |
tree | 601118b023e44bb4d09a25bd36c7e59c9655113f /error.c | |
parent | 38eae571111db3b43ffdeb05487c9f60551906fb (diff) | |
download | libxml2-00906759053986b8079985644172085f74331f83.tar.gz |
Heap-based buffer-underreads due to xmlParseName
For https://bugzilla.gnome.org/show_bug.cgi?id=759573
* parser.c:
(xmlParseElementDecl): Return early on invalid input to fix
non-minimized test case (759573-2.xml). Otherwise the parser
gets into a bad state in SKIP(3) at the end of the function.
(xmlParseConditionalSections): Halt parsing when hitting invalid
input that would otherwise caused xmlParserHandlePEReference()
to recurse unexpectedly. This fixes the minimized test case
(759573.xml).
* result/errors/759573-2.xml: Add.
* result/errors/759573-2.xml.err: Add.
* result/errors/759573-2.xml.str: Add.
* result/errors/759573.xml: Add.
* result/errors/759573.xml.err: Add.
* result/errors/759573.xml.str: Add.
* test/errors/759573-2.xml: Add.
* test/errors/759573.xml: Add.
Diffstat (limited to 'error.c')
0 files changed, 0 insertions, 0 deletions