[xml] [PATCH] Check hex or decimal entity for overflow

This is another fuzzing bug from chromium.

The entity parsing code in tree.c is getting integer overflow when a very long, invalid hex (or decimal) entity is used:  e.g. #xabcdefabcdef;

For these cases, I am setting the error to XML_TREE_UNTERMINATED_ENTITY.  The other 2 existing codes are XML_TREE_INVALID_HEX, XML_TREE_INVALID_DEC.  I thought unterminated is the better choice, but maybe a new code such as XML_TREE_INVALID_CHAR could be used.

See crbug.com/796804

Attachment: 0001-Check-hex-or-decimal-entity-for-overflow.patch
Description: Text Data

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]