shaba/libxml2
1
0
Fork 0
mirror of https://gitlab.gnome.org/GNOME/libxml2.git synced 2024-10-26 12:25:09 +03:00
Code Releases Activity

Bug 757711: heap-buffer-overflow in xmlFAParsePosCharGroup <https://bugzilla.gnome.org/show_bug.cgi?id=757711>

Browse Source 
* xmlregexp.c:
(xmlFAParseCharRange): Only advance to the next character if
there is no error.  Advancing to the next character in case of
an error while parsing regexp leads to an out of bounds access.
This commit is contained in:
Pranjal Jumde 2016-03-07 06:34:26 -08:00 committed by Daniel Veillard
parent 40fd6d2a1b
commit cbb271655c
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
xmlregexp.c
View File

@ -5057,11 +5057,12 @@ xmlFAParseCharRange(xmlRegParserCtxtPtr ctxt) {
ERROR("Expecting the end of a char range"); ERROR("Expecting the end of a char range");
return; return;
} }
NEXTL(len);
/* TODO check that the values are acceptable character ranges for XML */ /* TODO check that the values are acceptable character ranges for XML */
if (end < start) { if (end < start) {
ERROR("End of range is before start of range"); ERROR("End of range is before start of range");
} else { } else {
NEXTL(len);
xmlRegAtomAddRange(ctxt, ctxt->atom, ctxt->neg, xmlRegAtomAddRange(ctxt, ctxt->atom, ctxt->neg,
XML_REGEXP_CHARVAL, start, end, NULL); XML_REGEXP_CHARVAL, start, end, NULL);
} }