mirror of
https://gitlab.gnome.org/GNOME/libxml2.git
synced 2025-07-29 11:41:22 +03:00
Avoid creating an out-of-bounds pointer by rewriting a check
Creating more than one-past-the-end pointers is undefined behaviour in C and while this code is unlikely to be miscompiled, I discovered that an out-of-bounds pointer is being created using UBSan on a CHERI-enabled system.
This commit is contained in:
Alex Richardson
committed by
Nick Wellnhofer
Nick Wellnhofer
parent
c62c0d82cc
commit
c715ded086
@ -2314,7 +2314,7 @@ htmlEncodeEntities(unsigned char* out, int *outlen,
|
||||
else
|
||||
cp = ent->name;
|
||||
len = strlen(cp);
|
||||
if (out + 2 + len > outend)
|
||||
if (outend - out < len + 2)
|
||||
break;
|
||||
*out++ = '&';
|
||||
memcpy(out, cp, len);
|
||||
|
||||
Reference in New Issue
Block a user