Hi,
The chromium team have recently detected a fuzz-testing bug in libxml / ICU
where UTF8 chars can be decoded incorrectly. See http://crbug.com/722420.
The root cause of this problem is that libxml is calling ICU ucnv_convertEx
with incorrect params. It is always setting flush to TRUE. This
stream.
>>
>
> Yes, but I'm only talking about xmlCharEncInFunc which isn't used
> internally.
>
> Nick
>
>
From f495b5546927032fb5b3988d66949d3d1b735aa9 Mon Sep 17 00:00:00 2001
From: Joel Hockey
Date: Wed, 25 Oct 2017 18:11:12 -0700
Subject: [PATCH] Fixed
>
>
> Does libxml treat 'UTF8' (without dash/hyphen) as UTF-8 ? If not, 'UTF8'
> can be used for both ICU and iconv.
>
Yes.
https://cs.chromium.org/chromium/src/third_party/libxml/src/parser.c?l=10329&rcl=b54509c3db126e5a3ed9b84fa70df1f821b1fd3e
___
xml
Nick, how does that updated patch look? Are you happy to take it?
On Thu, Oct 26, 2017 at 10:03 PM, Joel Hockey
wrote:
>
>> Does libxml treat 'UTF8' (without dash/hyphen) as UTF-8 ? If not, 'UTF8'
>> can be used for both ICU and iconv.
>>
>
Thanks Nick. Nice work with the test.
On Sun, Nov 5, 2017 at 2:04 AM, Nick Wellnhofer wrote:
> On 26/10/2017 03:17, Joel Hockey wrote:
>
>> I've updated the patch using git format-patch.
>>
>
> Thanks for the updated patch. Applied here: https://git.gnome.org
bxml in the Chromium tree to a version
> including these changes.
>
> Jungshik
>
> 2017-11-08 15:22 GMT-08:00 Joel Hockey :
>
>> Thanks Nick. Nice work with the test.
>>
>>
>>
>> On Sun, Nov 5, 2017 at 2:04 AM, Nick Wellnhofer
>> wrote:
>>
&
I'm having errors in chromium doing a rollup to the latest code.
https://logs.chromium.org/v/?s=chromium%2Fbb%2Ftryserver.chromium.win%2Fwin7_chromium_rel_ng%2F39058%2F%2B%2Frecipes%2Fsteps%2Fcompile__with_patch_%2F0%2Fstdout
The error I get is because we already have WIN32_LEAN_AND_MEAN defined.
Thanks Nick, updating the chromium BUILD file works. I'll take a look at
the warnings next week when I have better access to a windows machine.
On Fri, Nov 10, 2017 at 7:45 AM, Earnie
wrote:
> On 11/9/2017 12:42 PM, Nick Wellnhofer wrote:
> > On 09/11/2017 15:33, Earnie wrote:
> >> Testing for
XML_TREE_INVALID_HEX, XML_TREE_INVALID_DEC.
I thought unterminated is the better choice, but maybe a new code such as
XML_TREE_INVALID_CHAR could be used.
See crbug.com/796804
From c3d07d925ad85d3a26a609bc544b388426255df4 Mon Sep 17 00:00:00 2001
From: Joel Hockey
Date: Wed, 3 Jan 2018 18:52:36 -0800
Sending again, since I don't think this email made it to the libxml mailing
list since I was not subscribed.
-- Forwarded message --
From: Joel Hockey
Date: Wed, Jan 3, 2018 at 5:01 PM
Subject: Re: [xml] Patch to fix ICU flush and pivot buffer
To: "Jungshik Shin (신정식,
Updated patch with XML_ERR_INVALID_CHAR.
On Tue, Jan 9, 2018 at 5:55 AM, Nick Wellnhofer wrote:
> On 08/01/2018 02:06, Joel Hockey wrote:
>
>> The entity parsing code in tree.c is getting integer overflow when a very
>> long, invalid hex (or decimal) entity is used: e
Hi Nick, is patch ok to submit now? Let me know if you need any changes.
On Tue, Jan 9, 2018 at 10:55 AM, Joel Hockey
wrote:
> Updated patch with XML_ERR_INVALID_CHAR.
>
> On Tue, Jan 9, 2018 at 5:55 AM, Nick Wellnhofer
> wrote:
>
>> On 08/01/2018 02:06, Joel Hockey wro
12 matches
Mail list logo
