c/libxml2
1
0
Fork 0
mirror of https://gitlab.gnome.org/GNOME/libxml2 synced 2025-03-28 21:33:13 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix OOB read with invalid UTF-8 in xmlUTF8Strsize

Browse Source 
With certain invalid UTF-8, xmlUTF8Strsize can read up to 6 bytes
beyond the end of the string and return the wrong size.

This means that in xmlUTF8Strndup and similar code, some content behind
the string is copied. But since the terminating \0 is copied as well,
this probably can't be exploited to leak sensitive information.

Found by afl-fuzz and ASan.
This commit is contained in:
Nick Wellnhofer 2016-04-21 19:03:47 +02:00
parent cad102b861
commit 96a5c17ee1
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
xmlstring.c
View File

@ -837,8 +837,8 @@ xmlUTF8Strsize(const xmlChar *utf, int len) {
break;
if ( (ch = *ptr++) & 0x80)
while ((ch<<=1) & 0x80 ) {
ptr++;
if (*ptr == 0) break;
ptr++;
}
}
return (ptr - utf);