commit | a9fb107278a61630e324cff2352475b7a91bf78b | [log] [tgz] |
---|---|---|
author | Christian Voegl <cvoegl@suse.com> | Wed Oct 27 11:25:18 2021 +0200 |
committer | Karsten Tausche <karsten@fairphone.com> | Thu Oct 06 15:28:43 2022 +0200 |
tree | 63edb5a4fa76aa82d246ae365f2963306e9cb134 | |
parent | 7278db900043c3a17bc59e840bc9a6f0481afc2a [diff] |
In stamp always advance the pointer if *p= 0xef The current implementation only advanced if 0xef is followed by two non-zero bytes. In case of malformed input (0xef should be the start byte of a three byte character) this leads to an infinite loop. (CVE-2021-42260) Issue: FP3-A11#414 Change-Id: Iacb92be1ebf4488fef4ad07cc98ed9d16c118989 Upstream: https://sourceforge.net/u/cvoegl/tinyxml/ci/f7ca0035d17a663f55668e662b840afce7b86112 (cherry picked from commit f7ca0035d17a663f55668e662b840afce7b86112)