ed9a076b6e47768643053b7eb4475863f24d4cca - fp2-dev/platform/external/expat

commit	ed9a076b6e47768643053b7eb4475863f24d4cca	[log] [tgz]
author	Teow Wan Yee <wy.teow@hi-p.com>	Wed Oct 19 14:08:23 2016 +0800
committer	WY Teow <wy.teow@hi-p.com>	Wed Oct 19 14:48:00 2016 +0800
tree	2994ec3db087020d88499585dc0c5dbc4fee1a7f
parent	907ec055718996baf36961e7f47f8447e49b3865 [diff]

FPII-2507: Remote code execution vulnerability in Expat CVE-2016-0718 A-28698301

Invalid UTF-16 tests could cause the Expat to read past the end of the buffer.

The fix is designed to make sure that there are enough bytes to read a whole UTF-16 character
and to fix the range checks to fail in the event of a second overflow bug.

Change-Id: Ibb83219938c62aa4f08b1e44e653d7b50b6d3549

lib/xmlparse.c[diff]
lib/xmltok.c[diff]
lib/xmltok.h[diff]
lib/xmltok_impl.c[diff]

4 files changed

tree: 2994ec3db087020d88499585dc0c5dbc4fee1a7f

doc/
examples/
lib/
tests/
Android.mk
Changes
CleanSpec.mk
expat_config.h
import_expat.sh
MODULE_LICENSE_BSD_LIKE
NOTICE
README
README.android