Fix infinite loops with push parser in recovery mode
Make sure that the input pointer advances in case of errors. Otherwise, the push parser can loop infinitely. Found with libFuzzer.
parent
f435365b59
commit
52ceced6e7
4
parser.c
4
parser.c
@ -4421,7 +4421,7 @@ get_more:
|
||||
if (*in == ']') {
|
||||
if ((in[1] == ']') && (in[2] == '>')) {
|
||||
xmlFatalErr(ctxt, XML_ERR_MISPLACED_CDATA_END, NULL);
|
||||
ctxt->input->cur = in;
|
||||
ctxt->input->cur = in + 1;
|
||||
return;
|
||||
}
|
||||
in++;
|
||||
@ -4574,7 +4574,7 @@ xmlParseCharDataComplex(xmlParserCtxtPtr ctxt, int cdata) {
|
||||
}
|
||||
}
|
||||
}
|
||||
if ((cur != 0) && (!IS_CHAR(cur))) {
|
||||
if ((ctxt->input->cur < ctxt->input->end) && (!IS_CHAR(cur))) {
|
||||
/* Generate the error and skip the offending character */
|
||||
xmlFatalErrMsgInt(ctxt, XML_ERR_INVALID_CHAR,
|
||||
"PCDATA invalid Char value %d\n",
|
||||
|
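Review bot: The new guard `(ctxt->input->cur < ctxt->input->end) && (!IS_CHAR(cur))` in xmlParseCharDataComplex has no explanation of why the old `cur != 0` test was insufficient; the existing comment only says the offending character is skipped. I would add above it `/* A zero value before input->end is an embedded NUL, not end of input: report and skip it so the push parser always advances. */`. The skip itself happens after the error call, outside this hunk, so it is worth confirming that the step taken there is at least one byte when cur is 0; otherwise the loop this commit targets could remain for that input. The `ctxt->input->cur = in + 1;` line in the get_more hunk deserves a similar one-line comment, for example `/* step past the first ']' to guarantee progress in recovery mode */`, so that a later cleanup does not revert it to `in`.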