summaryrefslogtreecommitdiffstats
path: root/src/xplist.c
diff options
context:
space:
mode:
authorGravatar Nikias Bassen2017-02-07 03:03:15 +0100
committerGravatar Nikias Bassen2017-02-07 03:03:15 +0100
commite4dc36f18a3ba06183168111052b7b4e213c740b (patch)
treefe50c564f3e87ddf101fb0e06daac8401d60b151 /src/xplist.c
parentca33a2b7aebf7cadd480a80d1eb2284406061b08 (diff)
downloadlibplist-e4dc36f18a3ba06183168111052b7b4e213c740b.tar.gz
libplist-e4dc36f18a3ba06183168111052b7b4e213c740b.tar.bz2
xplist: Prevent OOB read in two more cases
Diffstat (limited to 'src/xplist.c')
-rw-r--r--src/xplist.c10
1 files changed, 10 insertions, 0 deletions
diff --git a/src/xplist.c b/src/xplist.c
index 7cee6de..d157200 100644
--- a/src/xplist.c
+++ b/src/xplist.c
@@ -546,6 +546,11 @@ static text_part_t* get_text_parts(parse_ctx ctx, const char* tag, size_t tag_le
}
if (*ctx->pos == '!') {
ctx->pos++;
+ if (ctx->pos >= ctx->end-1) {
+ PLIST_XML_ERR("EOF while parsing <! special tag\n");
+ ctx->err++;
+ return NULL;
+ }
if (*ctx->pos == '-' && *(ctx->pos+1) == '-') {
if (last) {
last = text_part_append(last, p, q-p, 0);
@@ -844,6 +849,11 @@ static void node_from_xml(parse_ctx ctx, plist_t *plist, uint32_t depth)
ctx->pos+=8;
while (ctx->pos < ctx->end) {
find_next(ctx, " \t\r\n[>", 6, 1);
+ if (ctx->pos >= ctx->end) {
+ PLIST_XML_ERR("EOF while parsing !DOCTYPE\n");
+ ctx->err++;
+ goto err_out;
+ }
if (*ctx->pos == '[') {
embedded_dtd = 1;
break;