GNOME/libxml2
1
0
Fork 0
mirror of https://github.com/GNOME/libxml2.git synced 2025-10-20 22:30:16 +08:00
Code Issues Releases Wiki Activity

Fix undefined behavior in UTF16LEToUTF8

Browse Source 
Don't perform arithmetic on null pointer.

Found with libFuzzer and UBSan.
This commit is contained in:
Nick Wellnhofer
2020-06-15 15:45:47 +02:00
parent 536f421d37
commit 2f9382033e
1 changed files with 6 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
encoding.c
View File

@@ -496,13 +496,18 @@ UTF16LEToUTF8(unsigned char* out, int *outlen,
{ {
unsigned char* outstart = out; unsigned char* outstart = out;
const unsigned char* processed = inb; const unsigned char* processed = inb;
unsigned char* outend = out + *outlen; unsigned char* outend;
unsigned short* in = (unsigned short*) inb; unsigned short* in = (unsigned short*) inb;
unsigned short* inend; unsigned short* inend;
unsigned int c, d, inlen; unsigned int c, d, inlen;
unsigned char *tmp; unsigned char *tmp;
int bits; int bits;
if (*outlen == 0) {
*inlenb = 0;
return(0);
}
outend = out + *outlen;
if ((*inlenb % 2) == 1) if ((*inlenb % 2) == 1)
(*inlenb)--; (*inlenb)--;
inlen = *inlenb / 2; inlen = *inlenb / 2;