commit | 96a5c17ee154add361abbae27b29c86e398fc1b9 | [log] [tgz] |
---|---|---|
author | Nick Wellnhofer <wellnhofer@aevum.de> | Thu Apr 21 19:03:47 2016 +0200 |
committer | Nick Wellnhofer <wellnhofer@aevum.de> | Sat Apr 23 18:44:27 2016 +0200 |
tree | ea6c659cffa683e2117eefca414548ca704055ce | |
parent | cad102b861f74d56e3f6e710c466cf1a38a5db56 [diff] |
Fix OOB read with invalid UTF-8 in xmlUTF8Strsize With certain invalid UTF-8, xmlUTF8Strsize can read up to 6 bytes beyond the end of the string and return the wrong size. This means that in xmlUTF8Strndup and similar code, some content behind the string is copied. But since the terminating \0 is copied as well, this probably can't be exploited to leak sensitive information. Found by afl-fuzz and ASan.