[xml] [PATCH] Check hex or decimal entity for overflow



This is another fuzzing bug from Chromium.

The entity parsing code in tree.c hits an integer overflow when a very long, invalid hex (or decimal) entity is used, e.g. #xabcdefabcdef;

For these cases, I am setting the error to XML_TREE_UNTERMINATED_ENTITY.  The other 2 existing codes are XML_TREE_INVALID_HEX, XML_TREE_INVALID_DEC.  I thought unterminated is the better choice, but maybe a new code such as XML_TREE_INVALID_CHAR could be used.

See crbug.com/796804

Attachment: 0001-Check-hex-or-decimal-entity-for-overflow.patch
Description: Text Data
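The overflow described in the message above, shown as an added example: this is not the attached patch and not libxml2's code. The function name, the status codes and the cap at 0x10FFFF are assumptions made for illustration, and the unchecked mode uses an unsigned 32-bit accumulator so the wrap-around is well defined.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical status codes for this example (not libxml2's error codes). */
enum ref_status { REF_OK, REF_INVALID_DIGIT, REF_UNTERMINATED, REF_OVERFLOW };

#define MAX_CODE_POINT 0x10FFFFu /* assumed cap: highest Unicode code point */

/* Value of digit c in the given base, or -1 if c is not a digit of it. */
static int digit_value(char c, unsigned base) {
    int v;
    if (c >= '0' && c <= '9') v = c - '0';
    else if (c >= 'a' && c <= 'f') v = c - 'a' + 10;
    else if (c >= 'A' && c <= 'F') v = c - 'A' + 10;
    else return -1;
    return (unsigned)v < base ? v : -1;
}

/* Parse "#xHEX;" or "#DEC;" (the text after '&'). With checked == 0 the
 * accumulator silently wraps modulo 2^32, as an unchecked parser would. */
enum ref_status parse_char_ref(const char *s, int checked, uint32_t *out) {
    unsigned base = 10;
    uint32_t val = 0;
    int ndigits = 0;

    if (*s++ != '#') return REF_INVALID_DIGIT;
    if (*s == 'x') { base = 16; s++; }
    for (; *s != '\0' && *s != ';'; s++, ndigits++) {
        int d = digit_value(*s, base);
        if (d < 0) return REF_INVALID_DIGIT;
        /* When checked, val <= MAX_CODE_POINT here, so this cannot wrap. */
        val = val * base + (uint32_t)d;
        if (checked && val > MAX_CODE_POINT) return REF_OVERFLOW;
    }
    if (*s != ';') return REF_UNTERMINATED;
    if (ndigits == 0) return REF_INVALID_DIGIT;
    *out = val;
    return REF_OK;
}

int main(void) {
    const char *long_ref = "#x100000041;"; /* constructed sample input */
    uint32_t v = 0;
    enum ref_status st = parse_char_ref(long_ref, 0, &v);
    printf("unchecked: status=%d value=0x%X\n", (int)st, (unsigned)v);
    st = parse_char_ref(long_ref, 1, &v);
    printf("checked:   status=%d\n", (int)st);
    return 0;
}
```

Checking the accumulator after every digit, rather than once at the terminating `;`, is what keeps an arbitrarily long run of digits from wrapping into a value that looks like a valid character.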


