[xml] Heap use after free in parser.c
- From: Jay Civelli <jcivelli google com>
- To: xml gnome org
- Subject: [xml] Heap use after free in parser.c
- Date: Tue, 2 Jan 2018 11:08:51 -0800
Hi,

We ran into a heap use after free in Chromium http://crbug.com/793715 that I think I tracked down. I have a tentative patch attached to address it.
In parser.c, if a call to xmlCharEncInput() fails and has grown the buffer, the ctxt object could still point to the old deleted buffer.
Thanks.
Jay
Attachment:
0001-Fix-heap-use-after-free.patch
Description: Text Data
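
The failure mode described in the message, as an added example: a simplified model, not libxml2 code and not the attached patch. All type and function names (Buf, Ctx, convert_input, feed_unsafe, feed_safe) are hypothetical, and the generation counter is an assumption used here to detect stale pointers without touching freed memory.

```c
#include <stdlib.h>
#include <string.h>

/* Simplified model, not libxml2 code: all names here are hypothetical. */
typedef struct { char *data; size_t use, cap; unsigned gen; } Buf;
typedef struct { Buf *buf; const char *base, *cur; unsigned gen; } Ctx;

/* Grow the buffer; the old block is released, so every cached pointer dies. */
static int buf_grow(Buf *b, size_t extra) {
    char *n = malloc(b->cap + extra);
    if (n == NULL) return -1;
    memcpy(n, b->data, b->use);
    free(b->data);
    b->data = n; b->cap += extra; b->gen++;
    return 0;
}

/* Stand-in for a conversion step that grows the output first and then
 * rejects the input: it returns -1 although the buffer has already moved. */
static int convert_input(Buf *b, const char *in, size_t len) {
    if (buf_grow(b, len) != 0) return -1;
    for (size_t i = 0; i < len; i++) {
        if ((unsigned char)in[i] >= 0x80) return -1;  /* "invalid" byte */
        b->data[b->use++] = in[i];
    }
    return 0;
}

/* Re-derive the context's pointers from the buffer, keeping the offset. */
static void ctx_rebase(Ctx *c, size_t off) {
    c->base = c->buf->data; c->cur = c->base + off; c->gen = c->buf->gen;
}

static int ctx_is_stale(const Ctx *c) { return c->gen != c->buf->gen; }

/* Pattern from the report: pointers are refreshed on success only. */
int feed_unsafe(Ctx *c, const char *in, size_t len) {
    size_t off = (size_t)(c->cur - c->base);
    if (convert_input(c->buf, in, len) < 0) return -1;  /* c->base dangles */
    ctx_rebase(c, off);
    return 0;
}

/* Hardened: refresh before looking at the result, so the error path is safe. */
int feed_safe(Ctx *c, const char *in, size_t len) {
    size_t off = (size_t)(c->cur - c->base);
    int rc = convert_input(c->buf, in, len);
    ctx_rebase(c, off);
    return rc;
}
```

Building a caller with -fsanitize=address and dereferencing c->base after feed_unsafe() returns -1 reports the use after free; after feed_safe() the same read is valid.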