Gitiles
Code Review Sign In
gerrit-public.fairphone.software / fp2-dev / platform / external / libxml2 / 48a151c815527f172bbea906cb707c12fdd9259c
commit48a151c815527f172bbea906cb707c12fdd9259c[log] [tgz]
authorBrian C. Young <bcyoung@google.com>Mon Apr 03 12:39:04 2017 -0700
committerDirk Vogt <dirk@fairphone.com>Tue May 16 10:24:19 2017 +0200
tree14940d6ea777c7525d71d217a2842eef464d0bf4
parent28c53d339c0772c7b38d7ace03f795c6952ca278 [diff]
DO NOT MERGE: Disallow namespace nodes in XPointer ranges

Namespace nodes must be copied to avoid use-after-free errors.
But they don't necessarily have a physical representation in a
document, so simply disallow them in XPointer ranges.

Found with afl-fuzz.

Fixes CVE-2016-4658.

FPIIM-798
FPIIM-796

Bug: 36554207
Change-Id: Ie570c4a53ae8ca82ed4ca19701ab7d8ba9b0468f
(cherry picked from commit 802cd32b480db799d282557ebbfddc1cf074be5f)
1 file changed
tree: 14940d6ea777c7525d71d217a2842eef464d0bf4
  1. bakefile/
  2. doc/
  3. example/
  4. include/
  5. macos/
  6. optim/
  7. os400/
  8. python/
  9. result/
  10. test/
  11. vms/
  12. VxWorks/
  13. win32/
  14. xstc/
  15. NOTICECopyright
  16. .gitignore
  17. acinclude.m4
  18. Android.mk
  19. AUTHORS
  20. autogen.sh
  21. buf.c
  22. buf.h
  23. build_glob.py
  24. c14n.c
  25. catalog.c
  26. ChangeLog
  27. check-relaxng-test-suite.py
  28. check-relaxng-test-suite2.py
  29. check-xinclude-test-suite.py
  30. check-xml-test-suite.py
  31. check-xsddata-test-suite.py
  32. chvalid.c
  33. chvalid.def
  34. CleanSpec.mk
  35. config.h
  36. configure.ac
  37. Copyright
  38. dbgen.pl
  39. dbgenattr.pl
  40. debugXML.c
  41. dict.c
  42. DOCBparser.c
  43. elfgcchack.h
  44. enc.h
  45. encoding.c
  46. entities.c
  47. error.c
  48. genChRanges.py
  49. gentest.py
  50. genUnicode.py
  51. global.data
  52. globals.c
  53. HACKING
  54. hash.c
  55. HTMLparser.c
  56. HTMLtree.c
  57. INSTALL.libxml2
  58. legacy.c
  59. libxml-2.0-uninstalled.pc.in
  60. libxml-2.0.pc.in
  61. libxml.3
  62. libxml.h
  63. libxml.m4
  64. libxml.spec.in
  65. libxml2-config.cmake.in
  66. libxml2.doap
  67. libxml2.syms
  68. list.c
  69. MAINTAINERS
  70. Makefile.am
  71. Makefile.tests
  72. Makefile.win
  73. MODULE_LICENSE_MIT
  74. nanoftp.c
  75. nanohttp.c
  76. NEWS
  77. parser.c
  78. parserInternals.c
  79. pattern.c
  80. README
  81. README.cvs-commits
  82. README.tests
  83. regressions.py
  84. regressions.xml
  85. relaxng.c
  86. rngparser.c
  87. runsuite.c
  88. runtest.c
  89. runxmlconf.c
  90. save.h
  91. SAX.c
  92. SAX2.c
  93. schematron.c
  94. testapi.c
  95. testAutomata.c
  96. testC14N.c
  97. testchar.c
  98. testdict.c
  99. testdso.c
  100. testHTML.c
  101. testlimits.c
  102. testModule.c
  103. testOOM.c
  104. testOOMlib.c
  105. testOOMlib.h
  106. testReader.c
  107. testrecurse.c
  108. testRegexp.c
  109. testRelax.c
  110. testSAX.c
  111. testSchemas.c
  112. testThreads.c
  113. testThreadsWin32.c
  114. testURI.c
  115. testXPath.c
  116. threads.c
  117. timsort.h
  118. TODO
  119. TODO_SCHEMAS
  120. tree.c
  121. trio.c
  122. trio.h
  123. triodef.h
  124. trionan.c
  125. trionan.h
  126. triop.h
  127. triostr.c
  128. triostr.h
  129. uri.c
  130. valid.c
  131. xinclude.c
  132. xlink.c
  133. xml2-config.1
  134. xml2-config.in
  135. xml2Conf.sh.in
  136. xmlcatalog.c
  137. xmlIO.c
  138. xmllint.c
  139. xmlmemory.c
  140. xmlmodule.c
  141. xmlreader.c
  142. xmlregexp.c
  143. xmlsave.c
  144. xmlschemas.c
  145. xmlschemastypes.c
  146. xmlstring.c
  147. xmlunicode.c
  148. xmlwriter.c
  149. xpath.c
  150. xpointer.c
  151. xzlib.c
  152. xzlib.h