commit | 1d8878ba3247d70c3ac6fa27df0786dadc54baca | [log] [tgz] |
---|---|---|
author | Brian C. Young <bcyoung@google.com> | Mon Apr 03 12:39:04 2017 -0700 |
committer | Brian C. Young <bcyoung@google.com> | Mon Apr 10 13:34:51 2017 -0700 |
tree | bf3de4caefb72d72f7614ee752f0a4573f77fcc6 | |
parent | 22b8fccba60a6f3f124ab9b638d7896a0f69d122 [diff] |
DO NOT MERGE: Disallow namespace nodes in XPointer ranges Namespace nodes must be copied to avoid use-after-free errors. But they don't necessarily have a physical representation in a document, so simply disallow them in XPointer ranges. Found with afl-fuzz. Fixes CVE-2016-4658. Bug: 36554207 Change-Id: Ie570c4a53ae8ca82ed4ca19701ab7d8ba9b0468f