[xml] Buffer overflow error in entities.c



This is in libxml2 version 2.5.11.

Here's how to reproduce the problem: put the following two nonblank
lines into a file named "foo.xml":

        <?xml version="1.0"?>
        <foo>&#x10FFFF;</foo>

Now type "xmllint foo.xml", and examine the output.  Notice that the
semicolon is missing.  That's the bug.

Here's the fix:

    cd /usr/local/src/libxml2-2.5.11/
    diff -wu /usr/local/src/libxml2-2.5.11/entities.c\~ /usr/local/src/libxml2-2.5.11/entities.c
    --- /usr/local/src/libxml2-2.5.11/entities.c~   2003-07-15 06:34:04.000000000 -0700
    +++ /usr/local/src/libxml2-2.5.11/entities.c    2003-10-01 10:48:20.000000000 -0700
    @@ -670,7 +670,7 @@
                    /*
                     * We assume we have UTF-8 input.
                     */
    -               char buf[10], *ptr;
    +               char buf[11], *ptr;
                    int val = 0, l = 1;

                    if (*cur < 0xC0) {
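Review bot: the new size 11 is a bare magic number with nothing in the hunk saying where it comes from; the reproduction earlier in this mail shows the widest reference this path emits, `&#x10FFFF;`, which is 10 characters plus the NUL terminator, so either derive the size from that string (e.g. `char buf[sizeof("&#x10FFFF;")], *ptr;`) or put a one-line comment at the declaration stating the derivation, otherwise the next person to touch the block has no reason not to shrink it back. While here, it is worth confirming that whatever writes into `buf` later in the function is bounded by `sizeof(buf)`: the symptom reported above is a dropped semicolon rather than a crash, which is what a bounded write that truncated would produce, and if that is the case the change fixes a truncation rather than an out-of-bounds write and the commit text should say so.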

    Diff finished at Wed Oct  1 11:10:41

(I tried to enter this bug into bugzilla.gnome.org, but that system
requires a password, and I got impatient waiting for the password to
be mailed to me.)

-- 
Asking the Iraqi people to assume Saddam's debts
is rather like telling a man who has been shot in the head
that he has to pay for the bullet.
        -- James Surowiecki
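The sizing mistake described in the report, reproduced as an added example in C. This is not libxml2's code: it assumes the code point is written back with a bounded `snprintf(buf, sizeof(buf), "&#x%X;", val)`, which the hunk above does not show, and the function names `decode_utf8` and `encode_into` are hypothetical. The UTF-8 bytes for U+10FFFF are constructed inline.

```c
#include <stdio.h>
#include <string.h>

/* Longest reference this path can emit for a valid code point
 * (U+10FFFF has six hex digits): "&#x" + 6 digits + ";" + NUL = 11 bytes.
 * Deriving the size from the string is safer than writing 11 by hand. */
#define CHARREF_BUFSIZE sizeof("&#x10FFFF;")

/* Decode one multibyte UTF-8 sequence into a code point.
 * Returns the number of bytes consumed, or 0 if the lead byte is below
 * 0xC0 (not a multibyte lead, the same check the libxml2 hunk makes) or
 * a continuation byte is malformed. Assumes the buffer holds the
 * whole sequence. */
static int decode_utf8(const unsigned char *cur, int *val)
{
    int l, i;

    if (cur[0] < 0xC0)
        return 0;
    if ((cur[0] & 0xE0) == 0xC0) { *val = cur[0] & 0x1F; l = 2; }
    else if ((cur[0] & 0xF0) == 0xE0) { *val = cur[0] & 0x0F; l = 3; }
    else if ((cur[0] & 0xF8) == 0xF0) { *val = cur[0] & 0x07; l = 4; }
    else return 0;

    for (i = 1; i < l; i++) {
        if ((cur[i] & 0xC0) != 0x80)
            return 0;                     /* bad continuation byte */
        *val = (*val << 6) | (cur[i] & 0x3F);
    }
    return l;
}

/* Write "&#x<hex>;" for val into a scratch buffer limited to bufsize
 * bytes (the assumed snprintf pattern), then copy the result to dst,
 * which must hold at least 32 bytes. Returns 1 if the whole reference
 * including the ';' fit, 0 if snprintf had to truncate it. */
static int encode_into(int val, size_t bufsize, char *dst)
{
    char buf[32];                         /* wider than any size tested */
    int n;

    if (bufsize > sizeof(buf))
        bufsize = sizeof(buf);
    n = snprintf(buf, bufsize, "&#x%X;", val);
    strcpy(dst, buf);
    /* snprintf reports the length it wanted; a value >= bufsize means
     * the tail (here the ';') was cut off, exactly the reported symptom. */
    return n >= 0 && (size_t)n < bufsize;
}

int main(void)
{
    /* Constructed input: the UTF-8 encoding of U+10FFFF. */
    const unsigned char in[] = { 0xF4, 0x8F, 0xBF, 0xBF };
    char out[32];
    int val = 0;

    if (decode_utf8(in, &val) == 0) {
        fprintf(stderr, "input not UTF-8\n");
        return 1;
    }
    /* Pre-patch size: the semicolon is lost. */
    encode_into(val, 10, out);
    printf("buf[10]: %s\n", out);
    /* Patched size, derived from the widest reference. */
    encode_into(val, CHARREF_BUFSIZE, out);
    printf("buf[%zu]: %s\n", CHARREF_BUFSIZE, out);
    return 0;
}
```

The first line printed is the truncated `&#x10FFFF` from the report; the second is the complete `&#x10FFFF;`. Because the write is bounded by the buffer size, the undersized buffer yields silently malformed output rather than a crash, which is why the bug shows up in xmllint's output instead of as a memory error.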