mirror of https://gitlab.gnome.org/GNOME/libxml2.git synced 2025-07-30 22:43:14 +03:00

Heap-buffer-overflow read of size 1 in xmlFAParsePosCharGroup

Credit to OSS-Fuzz.

Add a check to xmlFAParseCharRange() for the end of the buffer
to prevent reading past the end of it.

This fixes Bug 784017.
David Kilzer
2017-07-04 18:38:03 +02:00
committed by Nick Wellnhofer
parent 8a0c66986e
commit fb56f80eef

@ -5053,7 +5053,7 @@ xmlFAParseCharRange(xmlRegParserCtxtPtr ctxt) {
return; return;
} }
len = 1; len = 1;
} else if ((cur != 0x5B) && (cur != 0x5D)) { } else if ((cur != '\0') && (cur != 0x5B) && (cur != 0x5D)) {
end = CUR_SCHAR(ctxt->cur, len); end = CUR_SCHAR(ctxt->cur, len);
} else { } else {
ERROR("Expecting the end of a char range"); ERROR("Expecting the end of a char range");
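
Review bot: The added `(cur != '\0')` test in the `else if` condition uses a character literal next to the hex constants `0x5B` and `0x5D`, and nothing in the hunk says that a zero value here means the end of the regexp buffer. Suggest either writing it as `(cur != 0)` with a one-line comment such as "stop at end of input", or spelling all three comparisons the same way. With the check in place, input that ends where the end of a range is expected now takes the `else` branch and reports "Expecting the end of a char range" instead of calling `CUR_SCHAR(ctxt->cur, len)` on the terminator, which is the intended outcome, but the visible change carries no regression test; adding the OSS-Fuzz reproducer pattern to the regexp test inputs would keep the out-of-bounds read from coming back.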