Fixed heap overflow in yaml_parser_scan_uri_escapes (Thanks Ivan Fratric of the Google Security Team).0.1.6

author: Kirill Simonov <xi@resolvent.net> 2014-03-26 07:03:17 -0500
committer: Kirill Simonov <xi@resolvent.net> 2014-03-26 07:03:17 -0500
commit: d1003a9d40b674520934f4f38ffc4ff2a809bc2d (patch)
tree: 70dbf2902eb1adb7dc89fa543728125a3b82ab3e /src/scanner.c
parent: 662f4be270c519ae74b46404ed30cd5ed47735bc (diff)
download: libyaml-git-d1003a9d40b674520934f4f38ffc4ff2a809bc2d.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/src/scanner.c b/src/scanner.c
index 8817de2..88d4fa5 100644
--- a/src/scanner.c
+++ b/src/scanner.c
@@ -2629,6 +2629,9 @@ yaml_parser_scan_tag_uri(yaml_parser_t *parser, int directive,
         /* Check if it is a URI-escape sequence. */
 
         if (CHECK(parser->buffer, '%')) {
+            if (!STRING_EXTEND(parser, string))
+                goto error;
+
             if (!yaml_parser_scan_uri_escapes(parser,
                         directive, start_mark, &string)) goto error;
         }
author	Kirill Simonov <xi@resolvent.net>	2014-03-26 07:03:17 -0500
committer	Kirill Simonov <xi@resolvent.net>	2014-03-26 07:03:17 -0500
commit	d1003a9d40b674520934f4f38ffc4ff2a809bc2d (patch)
tree	70dbf2902eb1adb7dc89fa543728125a3b82ab3e /src/scanner.c
parent	662f4be270c519ae74b46404ed30cd5ed47735bc (diff)
download	libyaml-git-d1003a9d40b674520934f4f38ffc4ff2a809bc2d.tar.gz