commit | 9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e | [log] [tgz] |
---|---|---|
author | Nick Wellnhofer <wellnhofer@aevum.de> | Tue Jun 28 14:22:23 2016 +0200 |
committer | Nick Wellnhofer <wellnhofer@aevum.de> | Wed Oct 12 13:12:18 2016 +0200 |
tree | 7980ec57bddb64fcb54cae0e0dfd19a4d7330139 | |
parent | a005199330b86dada19d162cae15ef9bdcb6baa8 [diff] |
Fix XPointer paths beginning with range-to The old code would invoke the broken xmlXPtrRangeToFunction. range-to isn't really a function but a special kind of location step. Remove this function and always handle range-to in the XPath code. The old xmlXPtrRangeToFunction could also be abused to trigger a use-after-free error with the potential for remote code execution. Found with afl-fuzz. Fixes CVE-2016-5131.