mirror of https://github.com/GNOME/libxml2.git synced 2025-10-18 00:52:00 +08:00

Prevent integer-overflow in htmlSkipBlankChars() and xmlSkipBlankChars()

* HTMLparser.c:
(htmlSkipBlankChars):
* parser.c:
(xmlSkipBlankChars):
- Cap the return value at INT_MAX.
- The commit range that OSS-Fuzz listed for the fix didn't make
  any changes to xmlSkipBlankChars(), so it seems like this
  issue may still exist.

Found by OSS-Fuzz Issue 44803.
David Kilzer
2022-04-08 12:33:17 -07:00
parent a15f2abef1
commit 44e9118c02
2 changed files with 6 additions and 3 deletions

@@ -598,7 +598,8 @@ htmlSkipBlankChars(xmlParserCtxtPtr ctxt) {
if (*ctxt->input->cur == 0)
xmlParserInputGrow(ctxt->input, INPUT_CHUNK);
}
res++;
if (res < INT_MAX)
res++;
}
return(res);
}
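
Review bot: the saturating increment `if (res < INT_MAX) res++;` in the loop of htmlSkipBlankChars() changes what `return(res);` means without documenting it. Once the cap is reached the result is a lower bound rather than an exact count of skipped blanks. Suggest a short comment at the increment, or in the function's header comment, stating that the return value saturates at INT_MAX, so callers know to treat it as zero/non-zero or as a lower bound. The hunk also does not add an include, so please confirm HTMLparser.c already pulls in `<limits.h>` for INT_MAX on every supported build configuration.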