You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
38 lines
1.2 KiB
38 lines
1.2 KiB
From 367c602b42f1afe7ed50508b01491b5690d54d52 Mon Sep 17 00:00:00 2001 |
|
From: Pranjal Jumde <pjumde@apple.com> |
|
Date: Mon, 7 Mar 2016 06:34:26 -0800 |
|
Subject: [PATCH] Bug 757711: heap-buffer-overflow in xmlFAParsePosCharGroup |
|
<https://bugzilla.gnome.org/show_bug.cgi?id=757711> |
|
To: libvir-list@redhat.com |
|
|
|
* xmlregexp.c: |
|
(xmlFAParseCharRange): Only advance to the next character if |
|
there is no error. Advancing to the next character in case of |
|
an error while parsing regexp leads to an out of bounds access. |
|
|
|
Signed-off-by: Daniel Veillard <veillard@redhat.com> |
|
--- |
|
xmlregexp.c | 3 ++- |
|
1 file changed, 2 insertions(+), 1 deletion(-) |
|
|
|
diff --git a/xmlregexp.c b/xmlregexp.c |
|
index 1f9911c..eb67b74 100644 |
|
--- a/xmlregexp.c |
|
+++ b/xmlregexp.c |
|
@@ -5050,11 +5050,12 @@ xmlFAParseCharRange(xmlRegParserCtxtPtr ctxt) { |
|
ERROR("Expecting the end of a char range"); |
|
return; |
|
} |
|
- NEXTL(len); |
|
+ |
|
/* TODO check that the values are acceptable character ranges for XML */ |
|
if (end < start) { |
|
ERROR("End of range is before start of range"); |
|
} else { |
|
+ NEXTL(len); |
|
xmlRegAtomAddRange(ctxt, ctxt->atom, ctxt->neg, |
|
XML_REGEXP_CHARVAL, start, end, NULL); |
|
} |
|
-- |
|
2.5.5 |
|
|
|
|