Hi,
We ran into a heap use after free in Chromium http://crbug.com/793715 that
I think I tracked down. I have a tentative patch attached to address it.
In parser.c, if a call to xmlCharEncInput() fails and has grown the buffer,
the ctxt object could still point to the old deleted buffer.
Thanks.
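The failure mode described in the message above, as an added example (not the attached patch and not libxml2 code): a converter grows the buffer and then fails, and the caller re-derives its cached pointers on the error path as well. `buf_t`, `input_t`, `convert_in` and `feed` are hypothetical names, and the "byte >= 0x80 is invalid" rule is constructed for the demonstration.

```c
#include <stdlib.h>
#include <string.h>
/* Hypothetical stand-ins (not libxml2's types): a growable buffer and a
 * parser input that caches raw pointers into it. */
typedef struct { char *data; size_t len, cap; } buf_t;
typedef struct { buf_t *buf; const char *base, *cur, *end; } input_t;

/* Models a decoder that grows the buffer first and then fails on bad input.
 * Returns 0 on success, -1 on error; either way b->data may have moved. */
static int convert_in(buf_t *b, const char *src, size_t n) {
    if (b->len + n > b->cap) {
        size_t ncap = (b->len + n) * 2;
        char *p = malloc(ncap);        /* always relocate, like a moving realloc */
        if (!p) return -1;
        memcpy(p, b->data, b->len);
        free(b->data);                 /* old storage is gone from here on */
        b->data = p; b->cap = ncap;
    }
    for (size_t i = 0; i < n; i++) {
        if ((unsigned char)src[i] >= 0x80) return -1;  /* constructed rule */
        b->data[b->len++] = src[i];
    }
    return 0;
}

/* Safe caller: save the cursor as an offset, then rebuild every cached
 * pointer from buf->data after the call, whether it succeeded or not. */
static int feed(input_t *in, const char *src, size_t n) {
    size_t cur_off = (size_t)(in->cur - in->base);
    int rc = convert_in(in->buf, src, n);
    in->base = in->buf->data;
    in->cur  = in->base + cur_off;
    in->end  = in->base + in->buf->len;
    return rc;
}

/* Runs the grow-then-fail case; returns 1 if the cached pointers stay valid. */
static int demo_failed_conversion(void) {
    buf_t b = { malloc(4), 0, 4 };
    input_t in = { &b, b.data, b.data, b.data };
    if (!b.data || feed(&in, "ab", 2) != 0) return 0;
    in.cur++;                                   /* parser consumed 'a' */
    int rc = feed(&in, "cdefgh\xff", 7);        /* grows, then fails on 0xff */
    int ok = rc == -1 && in.base == b.data && *in.cur == 'b'
          && in.end == b.data + b.len;
    free(b.data);
    return ok;
}
int main(void) { return demo_failed_conversion() ? 0 : 1; }
```

If `feed` returned early when `rc` is -1, `in.base`, `in.cur` and `in.end` would keep pointing into the freed allocation, which is the condition the message describes.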
On Mon, Jan 8, 2018 at 11:27 AM, Nick Wellnhofer
wrote:
> On 02/01/2018 20:08, Jay Civelli via xml wrote:
>
>> We ran into a heap use after free in Chromium http://crbug.com/793715
>> that I think I tracked down.
>>
>
> I don
Hi Nick,
Did you have a chance to look at my latest patch? (attached in my previous
email)
Thanks.
Jay
On Mon, Jan 8, 2018 at 1:43 PM, Jay Civelli wrote:
> On Mon, Jan 8, 2018 at 11:27 AM, Nick Wellnhofer
> wrote:
>
>> On 02/01/2018 20:08, Jay Civelli via xml wrote:
>>
On Mon, Jan 22, 2018 at 7:53 AM, Nick Wellnhofer
wrote:
> On 08/01/2018 22:43, Jay Civelli wrote:
>
>> On Mon, Jan 8, 2018 at 11:27 AM, Nick Wellnhofer <wellnho...@aevum.de> wrote:
>>
>> On 02/01/2018 20:08, Jay Civelli via xml wrote:
>>
On Tue, Jan 23, 2018 at 8:21 PM, Daniel Veillard
wrote:
> On Mon, Jan 22, 2018 at 04:37:17PM +0100, Nick Wellnhofer wrote:
> > On 09/01/2018 00:55, Joel Hockey wrote:
> > > Updated patch with XML_ERR_INVALID_CHAR.
> >
> > Should be fixed with
> >
> >
> > https://git.gnome.org/browse/libxml2/commi