shaba/libxml2
1
0
Fork 0
mirror of https://gitlab.gnome.org/GNOME/libxml2.git synced 2024-10-26 20:25:14 +03:00
Code Releases Activity

Reset HTML parser input before reporting encoding error

Browse Source 
If charset conversion fails, reset the input pointers before reporting
the error and bailing out. Otherwise, the input pointers are left in an
invalid state which could lead to use-after-free and other memory
errors.

Similar to f9e7997e. Found by OSS-Fuzz.
This commit is contained in:
Nick Wellnhofer 2020-06-28 13:16:46 +02:00
parent 1e7851b5ae
commit 13ba5b619a
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
HTMLparser.c
View File

@ -6160,12 +6160,12 @@ htmlParseChunk(htmlParserCtxtPtr ctxt, const char *chunk, int size,
size_t current = ctxt->input->cur - ctxt->input->base; size_t current = ctxt->input->cur - ctxt->input->base;
nbchars = xmlCharEncInput(in, terminate); nbchars = xmlCharEncInput(in, terminate);
xmlBufSetInputBaseCur(in->buffer, ctxt->input, base, current);
if (nbchars < 0) { if (nbchars < 0) {
htmlParseErr(ctxt, XML_ERR_INVALID_ENCODING, htmlParseErr(ctxt, XML_ERR_INVALID_ENCODING,
"encoder error\n", NULL, NULL); "encoder error\n", NULL, NULL);
return(XML_ERR_INVALID_ENCODING); return(XML_ERR_INVALID_ENCODING);
} }
xmlBufSetInputBaseCur(in->buffer, ctxt->input, base, current);
} }
} }
} }