commit | 11ed4a7a90d5ce156a18980a4ad4e53e77384852 | [log] [tgz] |
---|---|---|
author | Pranjal Jumde <pjumde@apple.com> | Wed Mar 02 15:52:24 2016 -0800 |
committer | Daniel Veillard <veillard@redhat.com> | Mon May 23 15:01:07 2016 +0800 |
tree | 739df6a63e8169ad8c7c886b7592c0e35fa4a7aa | |
parent | 4472c3a5a5b516aaf59b89be602fbce52756c3e9 [diff] |
Heap use-after-free in htmlParsePubidLiteral and htmlParseSystemiteral For https://bugzilla.gnome.org/show_bug.cgi?id=760263 * HTMLparser.c: Add BASE_PTR convenience macro. (htmlParseSystemLiteral): Store length and start position instead of a pointer while iterating through the public identifier since the underlying buffer may change, resulting in a stale pointer being used. (htmlParsePubidLiteral): Ditto.