commit | 681f094e5bd1d0f6b38b27701d0d1bf1ca7a9a26 | |
---|---|---|
author | Nick Wellnhofer <wellnhofer@aevum.de> | Mon Jun 15 15:23:05 2020 +0200 |
committer | Nick Wellnhofer <wellnhofer@aevum.de> | Mon Jun 15 21:25:22 2020 +0200 |
tree | 321685049e9ebd046519a8846ad017e4fde694b8 | |
parent | 31ca4a728cf96c9a341d0bfe489d2c0ba71dc6ff | |

Fix unsigned integer overflow in htmlParseTryOrFinish

Cast to signed type before subtraction to avoid unsigned integer overflow. Also use ptrdiff_t to avoid potential integer truncation.

Found with libFuzzer and UBSan.