diff options
author | Kirill Simonov <xi@resolvent.net> | 2014-03-26 07:03:17 -0500 |
---|---|---|
committer | Kirill Simonov <xi@resolvent.net> | 2014-03-26 07:03:17 -0500 |
commit | d1003a9d40b674520934f4f38ffc4ff2a809bc2d (patch) | |
tree | 70dbf2902eb1adb7dc89fa543728125a3b82ab3e /src/scanner.c | |
parent | 662f4be270c519ae74b46404ed30cd5ed47735bc (diff) | |
download | libyaml-git-d1003a9d40b674520934f4f38ffc4ff2a809bc2d.tar.gz |
Fixed heap overflow in yaml_parser_scan_uri_escapes (Thanks Ivan Fratric of the Google Security Team).0.1.6
Diffstat (limited to 'src/scanner.c')
-rw-r--r-- | src/scanner.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/src/scanner.c b/src/scanner.c index 8817de2..88d4fa5 100644 --- a/src/scanner.c +++ b/src/scanner.c @@ -2629,6 +2629,9 @@ yaml_parser_scan_tag_uri(yaml_parser_t *parser, int directive, /* Check if it is a URI-escape sequence. */ if (CHECK(parser->buffer, '%')) { + if (!STRING_EXTEND(parser, string)) + goto error; + if (!yaml_parser_scan_uri_escapes(parser, directive, start_mark, &string)) goto error; } |