Hi Nick,

Did you have a chance to look at my latest patch? (attached in my previous email)

Thanks.

Jay

On Mon, Jan 8, 2018 at 1:43 PM, Jay Civelli <jcive...@google.com> wrote:
> On Mon, Jan 8, 2018 at 11:27 AM, Nick Wellnhofer <wellnho...@aevum.de> wrote:
>> On 02/01/2018 20:08, Jay Civelli via xml wrote:
>>> We ran into a heap use after free in Chromium http://crbug.com/793715 that I think I tracked down.
>>
>> I don't have access to this page.
>
> You should have access now.
>
>>> I have a tentative patch attached to address it.
>>> In parser.c, if a call to xmlCharEncInput() fails and has grown the buffer, the ctxt object could still point to the old deleted buffer.
>>
>> Maybe it's better to call xmlHaltParser if xmlCharEncInput fails. That's what the other code path in xmlParseChunk does.
>
> Good idea, done in new attached patch. Note that I changed the error from the existing XML_ERR_INVALID_ENCODING to XML_ERR_INVALID_CHAR which seemed to make more sense.
>
> Jay
>
>> Nick
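The stale-cursor bug and the halt-on-failure fix discussed above, as an added illustration in C that is not the thread's patch or libxml2 code: parser_ctxt, grow_then_fail, halt_parser and the 16-byte buffer are constructed stand-ins for the real structures and for xmlCharEncInput()/xmlHaltParser.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
/* Simplified model, not libxml2 code: a context whose read cursor points into a growable buffer. */
typedef struct {
    char *base; size_t cap;          /* heap buffer holding decoded input */
    const char *cur; int halted;     /* read cursor into base; halted flag */
} parser_ctxt;
static const char eof_sentinel[] = "";  /* static empty input used after a halt */
/* Models the encoder growing the buffer and then failing: the old storage
 * is freed, so a cursor still aimed at it dangles. Always returns -1 here. */
static int grow_then_fail(parser_ctxt *c) {
    char *nb = malloc(c->cap * 2);      /* allocate before freeing: cannot alias old block */
    if (nb == NULL) return -1;
    memcpy(nb, c->base, c->cap);
    free(c->base);
    c->base = nb; c->cap *= 2;
    return -1;                           /* decoding error reported after the move */
}
/* Buggy path: reports the error but leaves c->cur pointing at freed memory. */
static int buggy_refill(parser_ctxt *c) {
    if (grow_then_fail(c) < 0) return -1;
    c->cur = c->base; return 0;
}
/* Fixed path: on error halt the parser, i.e. drop the input and park the
 * cursor on a static empty string so later reads see EOF, never freed memory. */
static void halt_parser(parser_ctxt *c) {
    free(c->base); c->base = NULL; c->cap = 0;
    c->cur = eof_sentinel; c->halted = 1;
}
static int fixed_refill(parser_ctxt *c) {
    if (grow_then_fail(c) < 0) { halt_parser(c); return -1; }
    c->cur = c->base; return 0;
}
/* 1 if the cursor is inside the live buffer or on the EOF sentinel, else 0. */
int cursor_is_safe(const parser_ctxt *c) {
    uintptr_t cur = (uintptr_t)c->cur, lo = (uintptr_t)c->base;
    if (c->cur == eof_sentinel) return 1;
    return c->base != NULL && cur >= lo && cur < lo + c->cap;
}
/* Run one path on a fresh 16-byte context; return 1 if the cursor is still safe. */
int run_scenario(int use_fix) {
    parser_ctxt c = { calloc(16, 1), 16, NULL, 0 };
    c.cur = c.base;
    int rc = use_fix ? fixed_refill(&c) : buggy_refill(&c);
    int safe = (rc == -1) && cursor_is_safe(&c);
    free(c.base);                        /* NULL after the fixed path, harmless */
    return safe;
}
```

Running the buggy path under AddressSanitizer with a real read through the stale cursor reports a heap-use-after-free at the first byte fetched, which is the signature the Chromium report describes.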
_______________________________________________ xml mailing list, project page http://xmlsoft.org/ xml@gnome.org https://mail.gnome.org/mailman/listinfo/xml