[libxml2] Reset HTML parser input before reporting encoding error
- From: Nick Wellnhofer <nwellnhof src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [libxml2] Reset HTML parser input before reporting encoding error
- Date: Thu, 2 Jul 2020 10:03:34 +0000 (UTC)
commit 13ba5b619a153f240320eb92b59158d657bdeb3a
Author: Nick Wellnhofer <wellnhofer aevum de>
Date: Sun Jun 28 13:16:46 2020 +0200
Reset HTML parser input before reporting encoding error
If charset conversion fails, reset the input pointers before reporting
the error and bailing out. Otherwise, the input pointers are left in an
invalid state which could lead to use-after-free and other memory
errors.
Similar to f9e7997e. Found by OSS-Fuzz.
HTMLparser.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
---
diff --git a/HTMLparser.c b/HTMLparser.c
index 9ade6635..7fba9429 100644
--- a/HTMLparser.c
+++ b/HTMLparser.c
@@ -6160,12 +6160,12 @@ htmlParseChunk(htmlParserCtxtPtr ctxt, const char *chunk, int size,
size_t current = ctxt->input->cur - ctxt->input->base;
nbchars = xmlCharEncInput(in, terminate);
+ xmlBufSetInputBaseCur(in->buffer, ctxt->input, base, current);
if (nbchars < 0) {
htmlParseErr(ctxt, XML_ERR_INVALID_ENCODING,
"encoder error\n", NULL, NULL);
return(XML_ERR_INVALID_ENCODING);
}
- xmlBufSetInputBaseCur(in->buffer, ctxt->input, base, current);
}
}
}
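Review bot: Nothing at the moved `xmlBufSetInputBaseCur(in->buffer, ctxt->input, base, current);` line says that it has to run before the `nbchars < 0` check, so a later cleanup could move it back below the error return and reintroduce the stale input pointers the commit message describes. A one-line comment above the call would pin the ordering, for example that the input pointers must be reset even when conversion fails because `htmlParseErr()` and the caller still use `ctxt->input`. The diffstat lists only HTMLparser.c, so no regression input accompanies the fix; adding the OSS-Fuzz reproducer as a test case would keep the error path covered.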