Re: [xml] [PATCH] Check hex or decimal entity for overflow

Updated patch with XML_ERR_INVALID_CHAR.

On Tue, Jan 9, 2018 at 5:55 AM, Nick Wellnhofer <wellnhofer aevum de> wrote:
On 08/01/2018 02:06, Joel Hockey wrote:
The entity parsing code in tree.c is getting integer overflow when a very long, invalid hex (or decimal) entity is used:  e.g. #xabcdefabcdef;

This is probably the same issue as

Also see

The issue only arises in "recovery" mode (XML_PARSE_RECOVER). In the past, I tried to fix similar issues by not adding nodes containing invalid character references at all in an earlier stage of the parsing code, but I'm fine with your approach.

For these cases, I am setting the error to XML_TREE_UNTERMINATED_ENTITY.  The other 2 existing codes are XML_TREE_INVALID_HEX, XML_TREE_INVALID_DEC.  I thought unterminated is the better choice, but maybe a new code such as XML_TREE_INVALID_CHAR could be used.

Regarding the error code, we could simply use XML_ERR_INVALID_CHAR or not report an error at all since invalid numeric character references are already detected and reported earlier.


Attachment: 0001-Check-hex-or-decimal-entity-for-overflow.patch
Description: Text Data

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]