[CVE-2022-29824] Fix integer overflows in xmlBuf and xmlBuffer
In several places, the code handling string buffers didn't check for integer overflow or used wrong types for buffer sizes. This could result in out-of-bounds writes or other memory errors when working on large, multi-gigabyte buffers. Thanks to Felix Wilhelm for the report.
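The two failure modes the commit message names, unchecked size arithmetic and a size held in too narrow a type, shown as an added example that is not libxml2 code and not part of this commit. The `strbuf` type and all function names are hypothetical.

```c
#include <limits.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical buffer for illustration; not libxml2's xmlBuf/xmlBuffer. */
typedef struct { char *data; size_t use; size_t size; } strbuf;

/* Unchecked size arithmetic: wraps to a small value near SIZE_MAX. */
size_t needed_unchecked(size_t use, size_t len) { return use + len + 1; }
/* Checked form: fails instead of wrapping (the +1 is the NUL byte). */
int needed_checked(size_t use, size_t len, size_t *out) {
    if (len >= SIZE_MAX - use) return -1;
    *out = use + len + 1;
    return 0;
}

/* Narrowing to an int-typed length is allowed only when the value fits. */
int len_as_int(size_t n, int *out) {
    if (n > (size_t)INT_MAX) return -1;
    *out = (int)n;
    return 0;
}

/* Append len bytes; returns 0 on success, -1 on overflow or OOM. */
int strbuf_append(strbuf *b, const char *s, size_t len) {
    size_t need, cap;
    if (needed_checked(b->use, len, &need) != 0) return -1;
    if (need > b->size) {
        cap = b->size ? b->size : 16;
        while (cap < need) {            /* double, but never past SIZE_MAX */
            if (cap > SIZE_MAX / 2) { cap = need; break; }
            cap *= 2;
        }
        char *p = realloc(b->data, cap);
        if (p == NULL) return -1;
        b->data = p; b->size = cap;
    }
    memcpy(b->data + b->use, s, len);
    b->use += len;
    b->data[b->use] = '\0';
    return 0;
}

int main(void) {
    strbuf b = {0};
    int rc = strbuf_append(&b, "hello", 5);
    free(b.data);
    return rc;
}
```

With the unchecked form, a wrapped size makes the capacity test pass and the following copy writes past the allocation; the checked form rejects the request before any memory is touched.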
- mentioned in issue #351 (closed)
- mentioned in commit 22dd9bd2
- mentioned in merge request !173 (closed)
- mentioned in commit 461ef8ac
- mentioned in merge request !178 (merged)
- mentioned in commit b43d1227
- mentioned in merge request !183 (merged)
- mentioned in commit 823a4270
- mentioned in commit 4708164d
- mentioned in commit f0d4c157
- mentioned in commit 6ef16dee
- mentioned in issue Teams/Releng/security#145 (closed)