mirror of https://gitlab.gnome.org/GNOME/libxml2.git synced 2025-03-10 08:58:16 +03:00

Heap-buffer-overflow read of size 1 in xmlFAParsePosCharGroup

Credit to OSS-Fuzz.

Add a check to xmlFAParseCharRange() for the end of the buffer
to prevent reading past the end of it.

This fixes Bug 784017.
David Kilzer 2017-07-04 18:38:03 +02:00 committed by Nick Wellnhofer
parent 8a0c66986e
commit fb56f80eef

@ -5053,7 +5053,7 @@ xmlFAParseCharRange(xmlRegParserCtxtPtr ctxt) {
return;
}
len = 1;
} else if ((cur != 0x5B) && (cur != 0x5D)) {
} else if ((cur != '\0') && (cur != 0x5B) && (cur != 0x5D)) {
end = CUR_SCHAR(ctxt->cur, len);
} else {
ERROR("Expecting the end of a char range");
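
Review bot: the new `cur != '\0'` test in the changed `else if` condition has no comment saying it is the end-of-buffer guard, and it mixes a character literal with the hex constants `0x5B` and `0x5D` on the same line. The reason for the check is only in the commit message, so a short comment above the condition would keep a later cleanup from dropping it. With the guard in place, a range whose end character is the terminator falls through to the existing `ERROR("Expecting the end of a char range")` branch instead of reaching `CUR_SCHAR(ctxt->cur, len)`, which is the right outcome. No test is visible alongside this hunk, so a regression case with a pattern that stops where the end of a char range is expected would be worth adding.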