diff options
| author |   pvalchev <pvalchev@openbsd.org> | 2008-06-12 19:18:50 +0000 |
|---|---|---|
| committer | pvalchev <pvalchev@openbsd.org> | 2008-06-12 19:18:50 +0000 |
| commit | d461dfd34a8de2260eba7756d4bb50e6a373b30e (patch) | |
| tree | 7b28de3de8bb4953d5b5959d002004ad632f7e8a | |
| parent | The mmap offsets for memory buffers currently are the kernel virtual (diff) | |
| download | wireguard-openbsd-d461dfd34a8de2260eba7756d4bb50e6a373b30e.tar.xz wireguard-openbsd-d461dfd34a8de2260eba7756d4bb50e6a373b30e.zip | |
fix parser crash w/ invalid UTF-8 char sequences (all apps that use expat
for XML parsing are affected)
reported & fixed in upstream cvs
| -rw-r--r-- | lib/libexpat/lib/xmltok_impl.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/lib/libexpat/lib/xmltok_impl.c b/lib/libexpat/lib/xmltok_impl.c index 12688192522..8154c1afa92 100644 --- a/lib/libexpat/lib/xmltok_impl.c +++ b/lib/libexpat/lib/xmltok_impl.c @@ -1748,6 +1748,9 @@ PREFIX(updatePosition)(const ENCODING *enc, switch (BYTE_TYPE(enc, ptr)) { #define LEAD_CASE(n) \ case BT_LEAD ## n: \ + if (end - ptr < n) { \ + return; \ + } \ ptr += n; \ break; LEAD_CASE(2) LEAD_CASE(3) LEAD_CASE(4) |