diff --git a/ChangeLog b/ChangeLog
index 08d4f054..712d805f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+Tue Mar 20 12:22:36 CET 2001 Daniel Veillard
+
+ * parser.c: fixing bug 52299 strange condition leading
+ to a parser crash due to a buffer overflow
+ * result/noent/attrib.xml result/attrib.xml test/attrib.xml:
+ added the specific test case
+
 Mon Mar 19 16:50:52 CET 2001 Daniel Veillard
 
 * xpath.[ch]: still a lot of cleanup based on XSLT, added
diff --git a/parser.c b/parser.c
index deb02d28..b5352f9c 100644
--- a/parser.c
+++ b/parser.c
@@ -2156,6 +2156,9 @@ xmlParseAttValue(xmlParserCtxtPtr ctxt) {
 buf[len++] = *current++;
 }
 } else {
+ if (len > buf_size - 10) {
+ growBuffer(buf);
+ }
 len += xmlCopyChar(0, &buf[len], val);
 }
 } else {
@@ -2178,6 +2181,9 @@ xmlParseAttValue(xmlParserCtxtPtr ctxt) {
 xmlFree(rep);
 }
 } else {
+ if (len > buf_size - 10) {
+ growBuffer(buf);
+ }
 if (ent->content != NULL)
 buf[len++] = ent->content[0];
 }
diff --git a/result/attrib.xml b/result/attrib.xml
new file mode 100644
index 00000000..89a1e572
--- /dev/null
+++ b/result/attrib.xml
@@ -0,0 +1,2 @@
+
+
diff --git a/result/noent/attrib.xml b/result/noent/attrib.xml
new file mode 100644
index 00000000..89a1e572
--- /dev/null
+++ b/result/noent/attrib.xml
@@ -0,0 +1,2 @@
+
+
diff --git a/test/attrib.xml b/test/attrib.xml
new file mode 100644
index 00000000..5be33fa4
--- /dev/null
+++ b/test/attrib.xml
@@ -0,0 +1 @@
+
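Review bot: The headroom value in `if (len > buf_size - 10)` ahead of `len += xmlCopyChar(0, &buf[len], val);` (first parser.c hunk) is a bare magic number, and nothing visible ties it to the largest number of bytes xmlCopyChar can write for one character. I would add a comment at the guard such as `/* reserve room for the longest encoding xmlCopyChar can write */`, or give the 10 a name shared by every guard in the function. The same three lines are repeated in the second parser.c hunk before `buf[len++] = ent->content[0];`, where only one byte is stored. The declaration of buf_size is outside the hunk; if it is unsigned, `buf_size - 10` wraps for a buffer smaller than 10, so confirm it is signed or write the test as `len + 10 > buf_size`. xmlParseAttValue starts and ends outside both hunks, so other writes to buf could not be checked here.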
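Review bot: `growBuffer(buf);` in the guard added before `if (ent->content != NULL) buf[len++] = ent->content[0];` (second parser.c hunk) is used as a bare statement with no visible check of its outcome, and its definition is outside this diff. If it reallocates, confirm that a failed allocation cannot leave buf NULL or stale when the following store runs, and that the previous buffer is not leaked on that path. Should it exit the function itself on failure, a comment at the call such as `/* growBuffer returns from xmlParseAttValue if the realloc fails */` would make that hidden control flow visible. The first parser.c hunk calls it the same way, and the enclosing function body continues outside both hunks.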