shaba/libxml2
1
0
Fork 0
mirror of https://gitlab.gnome.org/GNOME/libxml2.git synced 2025-02-22 21:57:21 +03:00
Code

ChunkParser: Incorrect decoding of small xml files

Browse Source 
if encoding was autodetected, in xmlParseChunk, if initial size is 86 (a
chunk in UTF-16 encoding), the code that tries to read only the first line
will set the size to 90, which eventually leads to a memmove of 90 bytes
(in xmlBufferAdd) which will copy extra random memory bytes, which will
make the parser to fail because of these extra bytes.
This commit is contained in:
Raul Hudea 2010-03-15 10:13:29 +01:00 committed by Daniel Veillard
parent a7a6a4b2f3
commit ba9716a197
1 changed files with 11 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
parser.c
View File

@ -11562,8 +11562,17 @@ xmldecl_done:
if (ctxt->input->buf->rawconsumed < len)
len -= ctxt->input->buf->rawconsumed;
remain = size - len;
size = len;
/*
* Change size for reading the initial declaration only
* if size is greater than len. Otherwise, memmove in xmlBufferAdd
* will blindly copy extra bytes from memory.
*/
if (size > len) {
remain = size - len;
size = len;
} else {
remain = 0;
}
}
res =xmlParserInputBufferPush(ctxt->input->buf, size, chunk);
if (res < 0) {