summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorGravatar Nikias Bassen2017-02-07 04:05:30 +0100
committerGravatar Nikias Bassen2017-02-07 04:05:30 +0100
commit9c70a359f5786639c414c179f2d9ec9f9f245ed3 (patch)
tree3d092438b5bec688de02259c8c7a63af9df195e5
parent322b2c9dc4d50ee466c3fb1263b10282009a63cc (diff)
downloadlibplist-9c70a359f5786639c414c179f2d9ec9f9f245ed3.tar.gz
libplist-9c70a359f5786639c414c179f2d9ec9f9f245ed3.tar.bz2
xplist: Really fix OOB read when parsing DOCTYPE
-rw-r--r--src/xplist.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/xplist.c b/src/xplist.c
index 782a71c..1c166f5 100644
--- a/src/xplist.c
+++ b/src/xplist.c
@@ -876,7 +876,7 @@ static void node_from_xml(parse_ctx ctx, plist_t *plist, uint32_t depth)
}
if (embedded_dtd) {
find_str(ctx, "]>", 2, 1);
- if (ctx->pos >= ctx->end || strncmp(ctx->pos, "]>", 2)) {
+ if (ctx->pos > ctx->end-2 || strncmp(ctx->pos, "]>", 2)) {
PLIST_XML_ERR("Couldn't find end of DOCTYPE\n");
ctx->err++;
goto err_out;