authorNick Wellnhofer <wellnhofer@aevum.de>2020-06-28 13:16:46 +0200
committerNick Wellnhofer <wellnhofer@aevum.de>2020-06-28 13:21:50 +0200
commit13ba5b619a153f240320eb92b59158d657bdeb3a (patch)
treec3ef74c53b04a6226aafc5392af567bb15963127
parent1e7851b5aea4b2d8b9a6b6c02187fc4786f7a8b7 (diff)
downloadlibxml2-13ba5b619a153f240320eb92b59158d657bdeb3a.tar.gz
Reset HTML parser input before reporting encoding error
If charset conversion fails, reset the input pointers before reporting the error and bailing out. Otherwise, the input pointers are left in an invalid state which could lead to use-after-free and other memory errors. Similar to f9e7997e. Found by OSS-Fuzz.
-rw-r--r--HTMLparser.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/HTMLparser.c b/HTMLparser.c
index 9ade6635..7fba9429 100644
--- a/HTMLparser.c
+++ b/HTMLparser.c
@@ -6160,12 +6160,12 @@ htmlParseChunk(htmlParserCtxtPtr ctxt, const char *chunk, int size,
size_t current = ctxt->input->cur - ctxt->input->base;
nbchars = xmlCharEncInput(in, terminate);
+ xmlBufSetInputBaseCur(in->buffer, ctxt->input, base, current);
if (nbchars < 0) {
htmlParseErr(ctxt, XML_ERR_INVALID_ENCODING,
"encoder error\n", NULL, NULL);
return(XML_ERR_INVALID_ENCODING);
}
- xmlBufSetInputBaseCur(in->buffer, ctxt->input, base, current);
}
}
}
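Review bot: The relocated `xmlBufSetInputBaseCur(in->buffer, ctxt->input, base, current);` call has no comment explaining why it must run before the `nbchars < 0` check, so a later tidy-up could move it back below the early return and reintroduce the invalid input pointers the commit message describes. I would put `/* Must precede the error return: after xmlCharEncInput the old ctxt->input pointers may no longer be valid. */` directly above it. Separately, the error branch returns `XML_ERR_INVALID_ENCODING` without any visible step that stops the parser, so it is worth confirming that a caller who keeps feeding chunks after this return stays on a safe path. `base` is declared above the hunk and the body of htmlParseChunk continues outside it, so neither its initialisation nor the later use of `ctxt->input` can be checked from here.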