*** parserInternals.c.orig 2002-03-21 04:35:12.000000000 +0100 --- parserInternals.c 2007-12-17 11:17:03.000000000 +0100 *************** xmlNextChar(xmlParserCtxtPtr ctxt) { *** 1143,1148 **** --- 1143,1150 ---- c = *cur; if (c & 0x80) { + if (((c & 0x40) == 0) || (c == 0xC0)) + goto encoding_error; if (cur[1] == 0) xmlParserInputGrow(ctxt->input, INPUT_CHUNK); if ((cur[1] & 0xc0) != 0x80) *************** xmlCurrentChar(xmlParserCtxtPtr ctxt, in *** 1308,1325 **** --- 1310,1333 ---- val |= (cur[1] & 0x3f) << 12; val |= (cur[2] & 0x3f) << 6; val |= cur[3] & 0x3f; + if (val < 0x10000) + goto encoding_error; } else { /* 3-byte code */ *len = 3; val = (cur[0] & 0xf) << 12; val |= (cur[1] & 0x3f) << 6; val |= cur[2] & 0x3f; + if (val < 0x800) + goto encoding_error; } } else { /* 2-byte code */ *len = 2; val = (cur[0] & 0x1f) << 6; val |= cur[1] & 0x3f; + if (val < 0x80) + goto encoding_error; } if (!IS_CHAR(val)) { if ((ctxt->sax != NULL) && *************** xmlCurrentChar(xmlParserCtxtPtr ctxt, in *** 1334,1339 **** --- 1342,1359 ---- } else { /* 1-byte code */ *len = 1; + if (*ctxt->input->cur == 0) + xmlParserInputGrow(ctxt->input, INPUT_CHUNK); + if ((*ctxt->input->cur == 0) && + (ctxt->input->end > ctxt->input->cur)) { + if ((ctxt->sax != NULL) && + (ctxt->sax->error != NULL)) + ctxt->sax->error(ctxt->userData, + "Char 0x0 out of allowed range\n"); + ctxt->errNo = XML_ERR_INVALID_ENCODING; + ctxt->wellFormed = 0; + ctxt->disableSAX = 1; + } if (*ctxt->input->cur == 0xD) { if (ctxt->input->cur[1] == 0xA) { ctxt->nbChars++;