diff options
author | Daniel Veillard <veillard@redhat.com> | 2016-02-09 12:55:29 +0100 |
---|---|---|
committer | Daniel Veillard <veillard@redhat.com> | 2016-02-09 12:55:29 +0100 |
commit | a7a94612aa3b16779e2c74e1fa353b5d9786c602 (patch) | |
tree | 6d71fd02522847fb75621353c7646e8025c434ba /parser.c | |
parent | 6657afe83a38278f124ace71dc85f60420beb2d5 (diff) | |
download | libxml2-a7a94612aa3b16779e2c74e1fa353b5d9786c602.tar.gz |
Heap-based buffer overread in xmlNextCharCVE-2016-1762
For https://bugzilla.gnome.org/show_bug.cgi?id=759671
when the end of the internal subset isn't properly detected
xmlParseInternalSubset should just return instead of trying
to process input further.
Diffstat (limited to 'parser.c')
-rw-r--r-- | parser.c | 1 |
1 files changed, 1 insertions, 0 deletions
@@ -8468,6 +8468,7 @@ xmlParseInternalSubset(xmlParserCtxtPtr ctxt) { */ if (RAW != '>') { xmlFatalErr(ctxt, XML_ERR_DOCTYPE_NOT_FINISHED, NULL); + return; } NEXT; } |