commit b4dc99e0d65aa43a49ea6d013df74b92befae2f5
author Nick Wellnhofer <wellnhofer@aevum.de> Sat Feb 18 17:29:07 2023 +0100
committer Sadaf Ebrahimi <sadafebrahimi@google.com> Wed Mar 22 20:05:58 2023 +0000
tree 38db379f523c94ec60d6cc5d0e3c153c0297180b
parent b83e2ff798a116f50bf012a74432217c7d14743c

parser: Fix OOB read when formatting error message

Don't try to print characters beyond the end of the buffer.

Found by OSS-Fuzz.

Bug: http://b/261365944
Test: TreeHugger
Change-Id: I8324497a4755cd66145ab9d109c349ca4703fa98

parser.c

diff --git a/parser.c b/parser.c
index 506c78a..f11f017 100644
--- a/parser.c
+++ b/parser.c
@@ -12170,7 +12170,11 @@
 #endif
     return(ret);
 encoding_error:
-    {
+    if (ctxt->input->end - ctxt->input->cur < 4) {
+	__xmlErrEncoding(ctxt, XML_ERR_INVALID_CHAR,
+		     "Input is not proper UTF-8, indicate encoding !\n",
+		     NULL, NULL);
+    } else {
         char buffer[150];
 
 	snprintf(buffer, 149, "Bytes: 0x%02X 0x%02X 0x%02X 0x%02X\n",