diff options
author | Nikias Bassen | 2017-02-07 03:21:52 +0100 |
---|---|---|
committer | Nikias Bassen | 2017-02-07 03:21:52 +0100 |
commit | 234c41cd7eead5e5a68dbaa80d26335a19cd1d83 (patch) | |
tree | ebe4ec485e9324f384579b5853e3145566424973 | |
parent | fa4d1ce8a6d9c0f9b1d5bbcc82c675cac601daf5 (diff) | |
download | libplist-234c41cd7eead5e5a68dbaa80d26335a19cd1d83.tar.gz libplist-234c41cd7eead5e5a68dbaa80d26335a19cd1d83.tar.bz2 |
xplist: Fix OOB read when parsing DOCTYPE
-rw-r--r-- | src/xplist.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/xplist.c b/src/xplist.c index d8d2d72..ec00410 100644 --- a/src/xplist.c +++ b/src/xplist.c @@ -875,7 +875,7 @@ static void node_from_xml(parse_ctx ctx, plist_t *plist, uint32_t depth) } if (embedded_dtd) { find_str(ctx, "]>", 2, 1); - if (strncmp(ctx->pos, "]>", 2)) { + if (ctx->pos >= ctx->end || strncmp(ctx->pos, "]>", 2)) { PLIST_XML_ERR("Couldn't find end of DOCTYPE\n"); ctx->err++; goto err_out; |