Hi Nick, is the patch ok to submit now? Let me know if you need any changes.

On Tue, Jan 9, 2018 at 10:55 AM, Joel Hockey <joelhoc...@chromium.org> wrote:

> Updated patch with XML_ERR_INVALID_CHAR.
>
> On Tue, Jan 9, 2018 at 5:55 AM, Nick Wellnhofer <wellnho...@aevum.de> wrote:
>
>> On 08/01/2018 02:06, Joel Hockey wrote:
>>
>>> The entity parsing code in tree.c is getting integer overflow when a
>>> very long, invalid hex (or decimal) entity is used: e.g. #xabcdefabcdef;
>>
>> This is probably the same issue as
>>
>> https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3874
>>
>> Also see
>>
>> https://bugzilla.gnome.org/show_bug.cgi?id=783052
>>
>> The issue only arises in "recovery" mode (XML_PARSE_RECOVER). In the
>> past, I tried to fix similar issues by not adding nodes containing invalid
>> character references at all in an earlier stage of the parsing code, but
>> I'm fine with your approach.
>>
>>> For these cases, I am setting the error to XML_TREE_UNTERMINATED_ENTITY.
>>> The other 2 existing codes are XML_TREE_INVALID_HEX, XML_TREE_INVALID_DEC.
>>> I thought unterminated is the better choice, but maybe a new code such as
>>> XML_TREE_INVALID_CHAR could be used.
>>
>> Regarding the error code, we could simply use XML_ERR_INVALID_CHAR or not
>> report an error at all since invalid numeric character references are
>> already detected and reported earlier.
>>
>> Nick
_______________________________________________
xml mailing list, project page http://xmlsoft.org/
xml@gnome.org
https://mail.gnome.org/mailman/listinfo/xml
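The overflow discussed in this thread, as an added example that is not the submitted patch and not libxml2 code: a numeric character reference parser that range-checks after every digit, so an over-long reference is rejected instead of wrapping. The function name `parse_char_ref`, the `-1` error return and the sample inputs are assumptions made for this illustration.

```c
#include <stdio.h>

#define MAX_CODEPOINT 0x10FFFFUL

/* Hypothetical helper, not a libxml2 function: parse a numeric character
 * reference such as "&#x41;" or "&#65;". Returns the code point, or -1 if
 * the reference is malformed, unterminated or not a valid XML character. */
long parse_char_ref(const char *s)
{
    unsigned long val = 0;
    unsigned base = 10;
    int digits = 0;

    if (s == NULL || s[0] != '&' || s[1] != '#')
        return -1;
    s += 2;
    if (*s == 'x') { base = 16; s++; }
    for (; *s != '\0' && *s != ';'; s++) {
        unsigned d;
        if (*s >= '0' && *s <= '9') d = *s - '0';
        else if (base == 16 && *s >= 'a' && *s <= 'f') d = *s - 'a' + 10;
        else if (base == 16 && *s >= 'A' && *s <= 'F') d = *s - 'A' + 10;
        else return -1;                 /* not a digit in this base */
        val = val * base + d;
        /* Range check after every digit: val was <= 0x10FFFF before this
         * step, so val * 16 + 15 fits in 32 bits and cannot wrap. */
        if (val > MAX_CODEPOINT)
            return -1;
        digits = 1;
    }
    if (*s != ';' || !digits)
        return -1;                      /* unterminated or empty */
    /* XML 1.0 Char: no NUL/C0 controls except TAB, LF, CR; no surrogates. */
    if (val < 0x20 && val != 0x9 && val != 0xA && val != 0xD)
        return -1;
    if ((val >= 0xD800 && val <= 0xDFFF) || val == 0xFFFE || val == 0xFFFF)
        return -1;
    return (long)val;
}

int main(void)
{
    /* Constructed inputs; the third is the thread's example with "&" added. */
    const char *in[] = { "&#x41;", "&#65;", "&#xabcdefabcdef;", "&#x41" };
    for (int i = 0; i < 4; i++)
        printf("%-20s -> %ld\n", in[i], parse_char_ref(in[i]));
    return 0;
}
```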