Commit 0e1a49c8 authored by Zhipeng Xie, committed by Nick Wellnhofer

Fix infinite loop in xmlStringLenDecodeEntities

When ctxt->instate == XML_PARSER_EOF, xmlParseStringEntityRef
returns NULL, which causes an infinite loop in xmlStringLenDecodeEntities

Found with libFuzzer.
Signed-off-by: Zhipeng Xie <xiezhipeng1@huawei.com>
parent 0815302d
......@@ -2646,7 +2646,8 @@ xmlStringLenDecodeEntities(xmlParserCtxtPtr ctxt, const xmlChar *str, int len,
else
c = 0;
while ((c != 0) && (c != end) && /* non input consuming loop */
(c != end2) && (c != end3)) {
(c != end2) && (c != end3) &&
(ctxt->instate != XML_PARSER_EOF)) {
if (c == 0) break;
if ((c == '&') && (str[1] == '#')) {
......
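Review bot: The new `(ctxt->instate != XML_PARSER_EOF)` test in the while condition is only evaluated at the top of each iteration, so the loop body still runs to its end once after the parser has stopped, and the loop then exits the same way it does on a normal terminator (`end`, `end2`, `end3`). The commit message attributes the hang to xmlParseStringEntityRef returning NULL in that state; checking `ctxt->instate` right after that call and leaving through the function's error path would make the stopped-parser case explicit, instead of letting it look like a successful decode of a shorter string. What the function returns after the loop is not visible in this hunk, so please confirm that callers cannot mistake a partially decoded buffer for a complete result. The loop is already commented as a "non input consuming loop", so a short comment on the added condition saying why the parser state is tested would help the next reader, and since the bug was found with libFuzzer, adding the reproducing input as a regression test would keep it from coming back.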