diff options
author | Nick Wellnhofer <wellnhofer@aevum.de> | 2018-07-30 12:54:38 +0200 |
---|---|---|
committer | Nick Wellnhofer <wellnhofer@aevum.de> | 2018-07-30 12:54:38 +0200 |
commit | a436374994c47b12d5de1b8b1d191a098fa23594 (patch) | |
tree | 1e42047f4acfd5dee8c4905a6427917ee45bfba4 /xmlreader.c | |
parent | b7c50b8ddeae4662c639369360f34b832b6b2e49 (diff) | |
download | libxml2-a436374994c47b12d5de1b8b1d191a098fa23594.tar.gz |
Fix nullptr deref with XPath logic ops
If the XPath stack is corrupted, for example by a misbehaving extension
function, the "and" and "or" XPath operators could dereference NULL
pointers. Check that the XPath stack isn't empty and optimize the
logic operators slightly.
Closes: https://gitlab.gnome.org/GNOME/libxml2/issues/5
Also see
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901817
https://bugzilla.redhat.com/show_bug.cgi?id=1595985
This is CVE-2018-14404.
Thanks to Guy Inbar for the report.
Diffstat (limited to 'xmlreader.c')
0 files changed, 0 insertions, 0 deletions