diff options
author | Nick Wellnhofer <wellnhofer@aevum.de> | 2023-04-07 11:46:35 +0200 |
---|---|---|
committer | Nick Wellnhofer <wellnhofer@aevum.de> | 2023-04-11 14:29:50 +0200 |
commit | e4f85f1bd2eb34d9b49da9154a4cc3a1bc284f68 (patch) | |
tree | e24fac8c8c315d76349c05feb7eb7371430938a0 /test | |
parent | cb1b8b8516ade9add9f63fa0e39eaa3bc7034828 (diff) | |
download | libxml2-e4f85f1bd2eb34d9b49da9154a4cc3a1bc284f68.tar.gz |
[CVE-2023-28484] Fix null deref in xmlSchemaFixupComplexType
Fix a null pointer dereference when parsing (invalid) XML schemas.
Thanks to Robby Simpson for the report!
Fixes #491.
Diffstat (limited to 'test')
-rw-r--r-- | test/schemas/issue491_0.xml | 1 | ||||
-rw-r--r-- | test/schemas/issue491_0.xsd | 18 |
2 files changed, 19 insertions, 0 deletions
diff --git a/test/schemas/issue491_0.xml b/test/schemas/issue491_0.xml new file mode 100644 index 00000000..e2b2fc2e --- /dev/null +++ b/test/schemas/issue491_0.xml @@ -0,0 +1 @@ +<Child xmlns="http://www.test.com">5</Child> diff --git a/test/schemas/issue491_0.xsd b/test/schemas/issue491_0.xsd new file mode 100644 index 00000000..81702649 --- /dev/null +++ b/test/schemas/issue491_0.xsd @@ -0,0 +1,18 @@ +<?xml version='1.0' encoding='UTF-8'?> +<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns="http://www.test.com" targetNamespace="http://www.test.com" elementFormDefault="qualified" attributeFormDefault="unqualified"> + <xs:complexType name="BaseType"> + <xs:simpleContent> + <xs:extension base="xs:int" /> + </xs:simpleContent> + </xs:complexType> + <xs:complexType name="ChildType"> + <xs:complexContent> + <xs:extension base="BaseType"> + <xs:sequence> + <xs:element name="bad" type="xs:int" minOccurs="0" maxOccurs="1"/> + </xs:sequence> + </xs:extension> + </xs:complexContent> + </xs:complexType> + <xs:element name="Child" type="ChildType" /> +</xs:schema> |