mirror of https://gitlab.gnome.org/GNOME/libxml2.git synced 2025-03-13 20:58:16 +03:00

Fix integer overflow in _xmlSchemaParseGYear

Found with libFuzzer and UBSan.
Nick Wellnhofer 2020-06-21 19:14:23 +02:00
parent 070d635e77
commit 18425d3ad5


@ -1222,7 +1222,14 @@ _xmlSchemaParseGYear (xmlSchemaValDatePtr dt, const xmlChar **str) {
firstChar = cur;
while ((*cur >= '0') && (*cur <= '9')) {
dt->year = dt->year * 10 + (*cur - '0');
int digit = *cur - '0';
if (dt->year > LONG_MAX / 10)
return 2;
dt->year *= 10;
if (dt->year > LONG_MAX - digit)
return 2;
dt->year += digit;
cur++;
digcnt++;
}
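Review bot: The two new guards in the `while` loop only prevent overflow while `dt->year` is non-negative, and nothing in the hunk states that invariant; the sign handling is outside the visible lines, so after confirming it against the code before the loop, a comment such as `/* year is accumulated as a non-negative magnitude here, so only the LONG_MAX bound is checked */` above the first check would make it explicit. The guards can also be folded into one test, `if (dt->year > (LONG_MAX - digit) / 10) return 2;` followed by `dt->year = dt->year * 10 + digit;`, which is equivalent for non-negative values and no longer leaves `dt->year` multiplied but not yet incremented on the second early return. `LONG_MAX` comes from `<limits.h>`, and no include change is visible on this page, so it is worth checking that the file includes that header directly rather than relying on another header to pull it in. The body of `_xmlSchemaParseGYear` starts before and continues after this hunk.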