mirror of
https://github.com/GNOME/libxml2.git
synced 2025-10-20 05:14:10 +08:00
Fix infinite loops with push parser in recovery mode
Make sure that the input pointer advances in case of errors. Otherwise, the push parser can loop infinitely. Found with libFuzzer.
This commit is contained in:
4
parser.c
4
parser.c
@@ -4421,7 +4421,7 @@ get_more:
|
||||
if (*in == ']') {
|
||||
if ((in[1] == ']') && (in[2] == '>')) {
|
||||
xmlFatalErr(ctxt, XML_ERR_MISPLACED_CDATA_END, NULL);
|
||||
ctxt->input->cur = in;
|
||||
ctxt->input->cur = in + 1;
|
||||
return;
|
||||
}
|
||||
in++;
|
||||
@@ -4574,7 +4574,7 @@ xmlParseCharDataComplex(xmlParserCtxtPtr ctxt, int cdata) {
|
||||
}
|
||||
}
|
||||
}
|
||||
if ((cur != 0) && (!IS_CHAR(cur))) {
|
||||
if ((ctxt->input->cur < ctxt->input->end) && (!IS_CHAR(cur))) {
|
||||
/* Generate the error and skip the offending character */
|
||||
xmlFatalErrMsgInt(ctxt, XML_ERR_INVALID_CHAR,
|
||||
"PCDATA invalid Char value %d\n",
|
||||
|
Reference in New Issue
Block a user