Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / libxml2 / 132af1a0d1e949ea0a488c31689f83c1dde7df7d
commit132af1a0d1e949ea0a488c31689f83c1dde7df7d[log] [tgz]
authorNick Wellnhofer <wellnhofer@aevum.de>Mon Jan 08 18:48:01 2018 +0100
committerNick Wellnhofer <wellnhofer@aevum.de>Mon Jan 08 18:48:01 2018 +0100
tree6bdfc12ed88c6feddc0ef518ea107ca459e23674
parentad88b54f1a28a8565964a370b5d387927b633c0d [diff]
Fix buffer over-read in xmlParseNCNameComplex

Calling GROW can halt the parser if the buffer grows too large. This
will set the buffer to an empty string. Return immediately in this case,
otherwise the "current" pointer is advanced leading to a buffer over-read.

Found with OSS-Fuzz. See

https://oss-fuzz.com/testcase?key=6683819592646656
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5031
1 file changed
tree: 6bdfc12ed88c6feddc0ef518ea107ca459e23674
  1. bakefile/
  2. doc/
  3. example/
  4. include/
  5. macos/
  6. optim/
  7. os400/
  8. python/
  9. result/
  10. test/
  11. vms/
  12. VxWorks/
  13. win32/
  14. xstc/
  15. .gitignore
  16. .travis.yml
  17. acinclude.m4
  18. AUTHORS
  19. autogen.sh
  20. buf.c
  21. buf.h
  22. build_glob.py
  23. c14n.c
  24. catalog.c
  25. ChangeLog
  26. check-relaxng-test-suite.py
  27. check-relaxng-test-suite2.py
  28. check-xinclude-test-suite.py
  29. check-xml-test-suite.py
  30. check-xsddata-test-suite.py
  31. chvalid.c
  32. chvalid.def
  33. configure.ac
  34. CONTRIBUTING
  35. Copyright
  36. dbgen.pl
  37. dbgenattr.pl
  38. debugXML.c
  39. dict.c
  40. DOCBparser.c
  41. elfgcchack.h
  42. enc.h
  43. encoding.c
  44. entities.c
  45. error.c
  46. genChRanges.py
  47. gentest.py
  48. genUnicode.py
  49. global.data
  50. globals.c
  51. hash.c
  52. HTMLparser.c
  53. HTMLtree.c
  54. INSTALL.libxml2
  55. legacy.c
  56. libxml-2.0-uninstalled.pc.in
  57. libxml-2.0.pc.in
  58. libxml.3
  59. libxml.h
  60. libxml.m4
  61. libxml.spec.in
  62. libxml2-config.cmake.in
  63. libxml2.doap
  64. libxml2.syms
  65. list.c
  66. MAINTAINERS
  67. Makefile.am
  68. Makefile.tests
  69. Makefile.win
  70. nanoftp.c
  71. nanohttp.c
  72. NEWS
  73. parser.c
  74. parserInternals.c
  75. pattern.c
  76. README
  77. README.cvs-commits
  78. README.tests
  79. README.zOS
  80. regressions.py
  81. regressions.xml
  82. relaxng.c
  83. rngparser.c
  84. runsuite.c
  85. runtest.c
  86. runxmlconf.c
  87. save.h
  88. SAX.c
  89. SAX2.c
  90. schematron.c
  91. testapi.c
  92. testAutomata.c
  93. testC14N.c
  94. testchar.c
  95. testdict.c
  96. testdso.c
  97. testHTML.c
  98. testlimits.c
  99. testModule.c
  100. testOOM.c
  101. testOOMlib.c
  102. testOOMlib.h
  103. testReader.c
  104. testrecurse.c
  105. testRegexp.c
  106. testRelax.c
  107. testSAX.c
  108. testSchemas.c
  109. testThreads.c
  110. testThreadsWin32.c
  111. testURI.c
  112. testXPath.c
  113. threads.c
  114. timsort.h
  115. TODO
  116. TODO_SCHEMAS
  117. tree.c
  118. trio.c
  119. trio.h
  120. triodef.h
  121. trionan.c
  122. trionan.h
  123. triop.h
  124. triostr.c
  125. triostr.h
  126. uri.c
  127. valid.c
  128. xinclude.c
  129. xlink.c
  130. xml2-config.1
  131. xml2-config.in
  132. xml2Conf.sh.in
  133. xmlcatalog.c
  134. xmlIO.c
  135. xmllint.c
  136. xmlmemory.c
  137. xmlmodule.c
  138. xmlreader.c
  139. xmlregexp.c
  140. xmlsave.c
  141. xmlschemas.c
  142. xmlschemastypes.c
  143. xmlstring.c
  144. xmlunicode.c
  145. xmlwriter.c
  146. xpath.c
  147. xpointer.c
  148. xzlib.c
  149. xzlib.h