commit | ed9a076b6e47768643053b7eb4475863f24d4cca | [log] [tgz] |
---|---|---|
author | Teow Wan Yee <wy.teow@hi-p.com> | Wed Oct 19 14:08:23 2016 +0800 |
committer | WY Teow <wy.teow@hi-p.com> | Wed Oct 19 14:48:00 2016 +0800 |
tree | 2994ec3db087020d88499585dc0c5dbc4fee1a7f | |
parent | 907ec055718996baf36961e7f47f8447e49b3865 [diff] |
FPII-2507: Remote code execution vulnerability in Expat CVE-2016-0718 A-28698301 Invalid UTF-16 tests could cause the Expat to read past the end of the buffer. The fix is designed to make sure that there are enough bytes to read a whole UTF-16 character and to fix the range checks to fail in the event of a second overflow bug. Change-Id: Ibb83219938c62aa4f08b1e44e653d7b50b6d3549