diff options
| author |  Nikias Bassen | 2017-02-07 03:21:52 +0100 |
|---|---|---|
| committer | Nikias Bassen | 2017-02-07 03:21:52 +0100 |
| commit | 234c41cd7eead5e5a68dbaa80d26335a19cd1d83 (patch) | |
| tree | ebe4ec485e9324f384579b5853e3145566424973 /src | |
| parent | fa4d1ce8a6d9c0f9b1d5bbcc82c675cac601daf5 (diff) | |
| download | libplist-234c41cd7eead5e5a68dbaa80d26335a19cd1d83.tar.gz libplist-234c41cd7eead5e5a68dbaa80d26335a19cd1d83.tar.bz2 | |
xplist: Fix OOB read when parsing DOCTYPE
Diffstat (limited to 'src')
| -rw-r--r-- | src/xplist.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/xplist.c b/src/xplist.c index d8d2d72..ec00410 100644 --- a/src/xplist.c +++ b/src/xplist.c @@ -875,7 +875,7 @@ static void node_from_xml(parse_ctx ctx, plist_t *plist, uint32_t depth) } if (embedded_dtd) { find_str(ctx, "]>", 2, 1); - if (strncmp(ctx->pos, "]>", 2)) { + if (ctx->pos >= ctx->end || strncmp(ctx->pos, "]>", 2)) { PLIST_XML_ERR("Couldn't find end of DOCTYPE\n"); ctx->err++; goto err_out; |