Re: [xml] Heap use after free in parser.c
- From: Nick Wellnhofer <wellnhofer aevum de>
- To: Jay Civelli <jcivelli google com>, xml gnome org
- Subject: Re: [xml] Heap use after free in parser.c
- Date: Mon, 8 Jan 2018 20:27:00 +0100
On 02/01/2018 20:08, Jay Civelli via xml wrote:
> We ran into a heap use after free in Chromium http://crbug.com/793715 that I think I tracked down.
I don't have access to this page.
> I have a tentative patch attached to address it.
> In parser.c, if a call to xmlCharEncInput() fails and has grown the buffer,
> the ctxt object could still point to the old deleted buffer.
Maybe it's better to call xmlHaltParser if xmlCharEncInput fails. That's what
the other code path in xmlParseChunk does.
Nick
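The failure mode Jay describes, an input cursor left pointing into a buffer that was replaced during a failing decode, modelled in C as an added example (not libxml2's code; every type and function here is a constructed stand-in). The buggy path keeps the pre-call pointer after the failed decode; the fixed path halts the input on failure, as Nick suggests xmlHaltParser would, and recomputes its pointers from the buffer on success.

```c
#include <stdlib.h>
#include <string.h>
/* Constructed model (not libxml2's real structures): the parser input keeps
 * raw pointers (base/cur) into a buffer that grows as encoded input arrives. */
typedef struct { char *content; size_t use; } buf_t;
typedef struct { buf_t *buf; const char *base, *cur; int halted; } input_t;

/* Grow by allocate-copy-free so the old block is certainly released and any
 * pointer still referring to it dangles (realloc could grow in place). */
static int buf_grow(buf_t *b, size_t need) {
    char *n = malloc(b->use + need);
    if (!n) return -1;
    memcpy(n, b->content, b->use); free(b->content);
    b->content = n;
    return 0;
}

/* Decoding stand-in: grows first, then fails on request (failure after grow). */
static int decode_chunk(buf_t *b, const char *d, size_t len, int fail) {
    if (buf_grow(b, len) < 0 || fail) return -1;
    memcpy(b->content + b->use, d, len); b->use += len;
    return 0;
}

/* Buggy: ignores the failure and keeps the pre-call cursors. Returns 1 when
 * the input still refers to the freed block (pointer compare, no dereference). */
static int push_chunk_buggy(input_t *in, const char *d, size_t len, int fail) {
    decode_chunk(in->buf, d, len, fail);
    return in->base != in->buf->content;
}

/* Fixed: keep the cursor as an offset, halt the input on failure (the
 * xmlHaltParser approach), and recompute the pointers from the buffer on success. */
static int push_chunk_fixed(input_t *in, const char *d, size_t len, int fail) {
    size_t off = (size_t)(in->cur - in->base);
    if (decode_chunk(in->buf, d, len, fail) < 0) { in->halted = 1; in->base = in->cur = NULL; return -1; }
    in->base = in->buf->content; in->cur = in->base + off;
    return 0;
}

/* Feed "<a>", then a chunk that grows the buffer and fails to decode.
 * Returns 1 on the buggy path (dangling cursors), 0 on the fixed path. */
int scenario(int fixed) {
    buf_t b = { malloc(3), 3 }; memcpy(b.content, "<a>", 3);
    input_t in = { &b, b.content, b.content + 1, 0 };
    int r = fixed ? push_chunk_fixed(&in, "<b/></a>", 8, 1)
                  : push_chunk_buggy(&in, "<b/></a>", 8, 1);
    if (fixed) r = (r == -1 && in.halted && in.cur == NULL) ? 0 : 2;
    free(b.content);
    return r;
}
```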