    Bug 758605: Heap-based buffer overread in xmlDictAddString... · a820dbea
    Pranjal Jumde authored
    Bug 758605: Heap-based buffer overread in xmlDictAddString <https://bugzilla.gnome.org/show_bug.cgi?id=758605>
    Reviewed by David Kilzer.
    * HTMLparser.c:
    (htmlParseName): Add bounds check.
    (htmlParseNameComplex): Ditto.
    * result/HTML/758605.html: Added.
    * result/HTML/758605.html.err: Added.
    * result/HTML/758605.html.sax: Added.
    * runtest.c:
    (pushParseTest): The input for the new test case was so small
    (4 bytes) that htmlParseChunk() was never called after
    htmlCreatePushParserCtxt(), thereby creating a false positive
    test failure.  Fixed by using a do-while loop so we always call
    htmlParseChunk() at least once.
    * test/HTML/758605.html: Added.
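The runtest.c point in the commit message, as an added example (not code from this commit or from libxml2): a mock push-parser harness showing why a `while` feed loop never signals end of input for a 4-byte file while a `do`-`while` loop always does. The `mock_ctxt` type, the helper names, `INITIAL`, `CHUNK`, and the assumption that the create call takes the first bytes are all hypothetical stand-ins.

```c
#include <stddef.h>
#include <stdio.h>

#define INITIAL 4     /* assumed: bytes handed to the create call */
#define CHUNK   1024  /* assumed: size of each later chunk */

/* Hypothetical stand-in for a push-parser context (not libxml2's type). */
typedef struct {
    size_t consumed;  /* bytes received so far */
    int chunk_calls;  /* parse-chunk calls made after creation */
    int terminated;   /* 1 once a call signalled end of input */
} mock_ctxt;

/* Stand-in for the parse-chunk call: records what the harness fed it. */
static void mock_parse_chunk(mock_ctxt *c, size_t len, int terminate) {
    c->consumed += len;
    c->chunk_calls++;
    if (terminate) c->terminated = 1;
}

/* Feed one chunk starting at *cur; the last chunk carries terminate=1. */
static void feed_one(mock_ctxt *c, size_t *cur, size_t size) {
    size_t n = (size - *cur < CHUNK) ? size - *cur : CHUNK;
    mock_parse_chunk(c, n, *cur + n >= size);
    *cur += n;
}

/* Harness loop: creation takes the first INITIAL bytes, chunks follow. */
static mock_ctxt feed(size_t size, int use_do_while) {
    size_t cur = (size < INITIAL) ? size : INITIAL;
    mock_ctxt c = { cur, 0, 0 };  /* creation consumed the first bytes */
    if (use_do_while) {
        do { feed_one(&c, &cur, size); } while (cur < size);
    } else {
        while (cur < size) feed_one(&c, &cur, size);  /* skipped if size <= INITIAL */
    }
    return c;
}

int main(void) {
    mock_ctxt a = feed(4, 0), b = feed(4, 1);  /* constructed 4-byte input */
    printf("while:    chunk_calls=%d terminated=%d\n", a.chunk_calls, a.terminated);
    printf("do-while: chunk_calls=%d terminated=%d\n", b.chunk_calls, b.terminated);
    return 0;
}
```

With the `while` form the parser is created but never told the input ended, so a regression test for a tiny input can fail or pass for reasons unrelated to the parser fix it is meant to cover.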