    Handle more invalid entity values in recovery mode · abbda93c
    Nick Wellnhofer authored
    In attribute content, don't emit entity references if there are
    problems with the entity value. Otherwise some illegal entity values
    like
    
        <!ENTITY a '&#38;#x123456789;'>
    
    would later cause problems like integer overflow.
    
    Make xmlStringLenDecodeEntities return NULL on more error conditions
    including invalid char refs and errors from recursive calls. Remove
    some fragile error checks based on lastError that shouldn't be
    needed now. Clear the entity content in xmlParseAttValueComplex if
    an error was found.
    
    Found by OSS-Fuzz. Should fix bug 783052.
    
    Also see https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3343
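
The two-stage expansion behind the entity value quoted in the commit message, as an added example that is not libxml2 code and not part of the commit. Per XML 1.0, `&#38;` is expanded when the entity is declared, so the stored value becomes `&#x123456789;`, a character reference that is only parsed when the entity is later used. The function names are hypothetical; the sketch shows a decoder that saturates instead of overflowing and reports failure so the caller can drop the value.

```c
#include <stddef.h>

static int is_xml_char(unsigned long c) { /* XML 1.0 Char production */
    return c == 0x9 || c == 0xA || c == 0xD || (c >= 0x20 && c <= 0xD7FF) ||
           (c >= 0xE000 && c <= 0xFFFD) || (c >= 0x10000 && c <= 0x10FFFF);
}

/* Parse "&#NNN;" or "&#xHHH;" at s: bytes consumed, or 0 if malformed/illegal. */
static size_t parse_char_ref(const char *s, unsigned long *out) {
    unsigned long val = 0;
    unsigned base = 10, d;
    size_t i = 2, digits = 0;
    if (s[0] != '&' || s[1] != '#') return 0;
    if (s[i] == 'x') { base = 16; i++; }
    for (;; i++, digits++) {
        char c = s[i];
        if (c >= '0' && c <= '9') d = (unsigned)(c - '0');
        else if (base == 16 && c >= 'a' && c <= 'f') d = (unsigned)(c - 'a') + 10;
        else if (base == 16 && c >= 'A' && c <= 'F') d = (unsigned)(c - 'A') + 10;
        else break;
        val = val * base + d;
        if (val > 0x110000) val = 0x110000; /* saturate: val can never wrap */
    }
    if (digits == 0 || s[i] != ';' || !is_xml_char(val)) return 0;
    *out = val;
    return i + 1;
}

/* One expansion pass (ASCII results only, a limit of this sketch). Returns 0,
 * or -1 on any bad reference so the caller drops the value, not emits it. */
static int expand_once(const char *in, char *out, size_t outsz) {
    size_t o = 0;
    while (*in) {
        unsigned long cp = (unsigned char)*in;
        size_t n = 1;
        if (in[0] == '&' && in[1] == '#' &&
            ((n = parse_char_ref(in, &cp)) == 0 || cp > 0x7F)) return -1;
        if (o + 1 >= outsz) return -1;
        out[o++] = (char)cp;
        in += n;
    }
    out[o] = '\0';
    return 0;
}

int main(void) { /* constructed input: the entity value from the commit message */
    char a[32], b[32];
    return !(expand_once("&#38;#x123456789;", a, 32) == 0 && expand_once(a, b, 32) == -1);
}
```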