mirror of
https://gitlab.gnome.org/GNOME/libxml2.git
synced 2024-10-27 04:55:04 +03:00
Fix buffer over-read in xmlParseNCNameComplex
Calling GROW can halt the parser if the buffer grows too large. This will set the buffer to an empty string. Return immediately in this case, otherwise the "current" pointer is advanced leading to a buffer over-read.

Found with OSS-Fuzz. See

https://oss-fuzz.com/testcase?key=6683819592646656
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5031
parent ad88b54f1a
commit 132af1a0d1
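A minimal C model of the failure the commit message describes, added here as an illustration and not taken from libxml2: `Parser`, `grow`, `scan_name` and `MAX_INPUT` are hypothetical names, and the size limit is a constructed value. The model only measures how far the pointer ends up past the buffer; it never dereferences out of bounds.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_INPUT 8  /* constructed stand-in for the parser's buffer size limit */

typedef struct {
    const char *cur;   /* the "current" pointer */
    const char *end;   /* one past the last valid byte */
    size_t consumed;   /* bytes read so far */
    int halted;        /* set once the parser has been stopped */
} Parser;

static const char EMPTY[1] = "";

/* Models GROW: past the limit, halt and swap in an empty buffer. */
static void grow(Parser *p) {
    if (p->consumed > MAX_INPUT) {
        p->halted = 1;
        p->cur = p->end = EMPTY;
    }
}

/* Scans a name up to a space. check_halt == 0 mirrors the pre-fix flow,
 * check_halt == 1 the fixed one. Returns how many bytes cur ended up
 * past the end of the buffer (0 means it stayed in bounds). */
static size_t scan_name(const char *input, int check_halt) {
    Parser p = { input, input + strlen(input), 0, 0 };
    while (p.cur < p.end && *p.cur != ' ') {
        p.consumed++;
        grow(&p);
        if (check_halt && p.halted)
            return 0;          /* the fix: return immediately */
        p.cur++;               /* pre-fix: advances past the empty buffer */
    }
    return p.cur > p.end ? (size_t)(p.cur - p.end) : 0;
}

int main(void) {
    const char *name = "abcdefghijkl";  /* constructed input, longer than MAX_INPUT */
    printf("without check: %zu byte(s) past end\n", scan_name(name, 0));
    printf("with check:    %zu byte(s) past end\n", scan_name(name, 1));
    return 0;
}
```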