diff options
| author | Peter Valchev <pvalchev@cvs.openbsd.org> | 2008-06-12 19:18:51 +0000 |
|---|---|---|
| committer | Peter Valchev <pvalchev@cvs.openbsd.org> | 2008-06-12 19:18:51 +0000 |
| commit | 255d16bcfa7cc5ff48ab3377837699521d75b321 (patch) | |
| tree | 4a68a0c73c328a262901d72f6726545d54079267 /lib | |
| parent | 016d76b42f5668a3ec87b0eaae5db4dbdd895ac0 (diff) | |
fix parser crash w/ invalid UTF-8 char sequences (all apps that use expat
for XML parsing are affected)
reported & fixed in upstream cvs
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/libexpat/lib/xmltok_impl.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/lib/libexpat/lib/xmltok_impl.c b/lib/libexpat/lib/xmltok_impl.c index 12688192522..8154c1afa92 100644 --- a/lib/libexpat/lib/xmltok_impl.c +++ b/lib/libexpat/lib/xmltok_impl.c @@ -1748,6 +1748,9 @@ PREFIX(updatePosition)(const ENCODING *enc, switch (BYTE_TYPE(enc, ptr)) { #define LEAD_CASE(n) \ case BT_LEAD ## n: \ + if (end - ptr < n) { \ + return; \ + } \ ptr += n; \ break; LEAD_CASE(2) LEAD_CASE(3) LEAD_CASE(4) |