mirror of
https://gitlab.gnome.org/GNOME/libxml2.git
synced 2024-10-26 12:25:09 +03:00
Bug 757711: heap-buffer-overflow in xmlFAParsePosCharGroup <https://bugzilla.gnome.org/show_bug.cgi?id=757711>
* xmlregexp.c: (xmlFAParseCharRange): Only advance to the next character if there is no error. Advancing to the next character in case of an error while parsing regexp leads to an out of bounds access.
This commit is contained in:
parent
40fd6d2a1b
commit
cbb271655c
@ -5057,11 +5057,12 @@ xmlFAParseCharRange(xmlRegParserCtxtPtr ctxt) {
|
|||||||
ERROR("Expecting the end of a char range");
|
ERROR("Expecting the end of a char range");
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
NEXTL(len);
|
|
||||||
/* TODO check that the values are acceptable character ranges for XML */
|
/* TODO check that the values are acceptable character ranges for XML */
|
||||||
if (end < start) {
|
if (end < start) {
|
||||||
ERROR("End of range is before start of range");
|
ERROR("End of range is before start of range");
|
||||||
} else {
|
} else {
|
||||||
|
NEXTL(len);
|
||||||
xmlRegAtomAddRange(ctxt, ctxt->atom, ctxt->neg,
|
xmlRegAtomAddRange(ctxt, ctxt->atom, ctxt->neg,
|
||||||
XML_REGEXP_CHARVAL, start, end, NULL);
|
XML_REGEXP_CHARVAL, start, end, NULL);
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user