Possible overflow in HTMLParser.c For https://bugzilla.gnome.org/show_bug.cgi?id=720615 make sure that the encoding string passed is of reasonable size

commit: 292a9f293decfcd1de8870d93866bf450f3f555f [log] [tgz]
author: Daniel Veillard <veillard@redhat.com> Mon Oct 06 18:51:04 2014 +0800
committer: Daniel Veillard <veillard@redhat.com> Mon Oct 06 18:51:04 2014 +0800
tree: dc04aa5a220585e7d70baad73abeb600cf267ebf
parent: 6bea543eca4804832ca044c73ec62d2dc9594ccb [diff]
diff --git a/HTMLparser.c b/HTMLparser.c
index 23fafb2..d329d3b 100644
--- a/HTMLparser.c
+++ b/HTMLparser.c

@@ -6288,12 +6288,16 @@
 
     /* set encoding */
     if (encoding) {
-        content = xmlMallocAtomic (xmlStrlen(content_line) + strlen(encoding) + 1);
-	if (content) {
-	    strcpy ((char *)content, (char *)content_line);
-            strcat ((char *)content, (char *)encoding);
-            htmlCheckEncoding (ctxt, content);
-	    xmlFree (content);
+        size_t l = strlen(encoding);
+
+	if (l < 1000) {
+	    content = xmlMallocAtomic (xmlStrlen(content_line) + l + 1);
+	    if (content) {
+		strcpy ((char *)content, (char *)content_line);
+		strcat ((char *)content, (char *)encoding);
+		htmlCheckEncoding (ctxt, content);
+		xmlFree (content);
+	    }
 	}
     }
commit	292a9f293decfcd1de8870d93866bf450f3f555f	[log] [tgz]
author	Daniel Veillard <veillard@redhat.com>	Mon Oct 06 18:51:04 2014 +0800
committer	Daniel Veillard <veillard@redhat.com>	Mon Oct 06 18:51:04 2014 +0800
tree	dc04aa5a220585e7d70baad73abeb600cf267ebf
parent	6bea543eca4804832ca044c73ec62d2dc9594ccb [diff]