Nick Wellnhofer 9ab01a277d Fix XPointer paths beginning with range-to ...

The old code would invoke the broken xmlXPtrRangeToFunction. range-to
isn't really a function but a special kind of location step. Remove
this function and always handle range-to in the XPath code.

The old xmlXPtrRangeToFunction could also be abused to trigger a
use-after-free error with the potential for remote code execution.

Found with afl-fuzz.

Fixes CVE-2016-5131.

2016-10-12 13:12:18 +02:00

..

chapterschildseq

improved the script accordingly to the XInclude regression tests updates

2003-02-13 15:52:58 +00:00

chaptersparts

Added XPointer: - configure.in Makefile.am include/makefile.am: adding

2000-10-10 23:50:30 +00:00

chaptersrange

More work on XPointer

2000-10-13 16:38:25 +00:00

strpoint

General fixes, XPointer improvements:

2000-11-24 23:36:01 +00:00

strrange

More work on XPointer

2000-10-13 16:38:25 +00:00

strrange2

- parser.[ch]: added xmlIOParseDTD()

2000-10-30 15:36:47 +00:00

strrange3

General fixes, XPointer improvements:

2000-11-24 23:36:01 +00:00

vidbase

Fix XPointer paths beginning with range-to

2016-10-12 13:12:18 +02:00

vidchildseq

improved the script accordingly to the XInclude regression tests updates

2003-02-13 15:52:58 +00:00

viderror

Fix NULL pointer deref in XPointer range-to

2016-06-25 14:24:51 +02:00

vidparts

Added XPointer: - configure.in Makefile.am include/makefile.am: adding

2000-10-10 23:50:30 +00:00