diff options
author | Dave Beckett <dave@dajobe.org> | 2021-09-18 17:40:00 -0700 |
---|---|---|
committer | Dave Beckett <dave@dajobe.org> | 2021-09-18 17:40:00 -0700 |
commit | 4f5dbbffcc1c6cf0398bd03450453289a0979dea (patch) | |
tree | 7fff37cda77f6b4910ede4a5e8b8580c01d0bfd7 | |
parent | 656ba574e21cffadc6cff7a6b34f31c33c5272a8 (diff) | |
download | raptor-4f5dbbffcc1c6cf0398bd03450453289a0979dea.tar.gz |
XML Writer : compare namespace declarations correctly
Apply patch from
0001-CVE-2020-25713-raptor2-malformed-input-file-can-lead.patch.1
that fixes Issue#0000650 https://bugs.librdf.org/mantis/view.php?id=650
which overwrote heap during XML writing in parse type literal
content. This was detected with clang asan.
Thanks to Michael Stahl / mst2 for the fix.
-rw-r--r-- | src/raptor_xml_writer.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/raptor_xml_writer.c b/src/raptor_xml_writer.c index 56993dc3..4426d38c 100644 --- a/src/raptor_xml_writer.c +++ b/src/raptor_xml_writer.c @@ -227,7 +227,7 @@ raptor_xml_writer_start_element_common(raptor_xml_writer* xml_writer, /* check it wasn't an earlier declaration too */ for(j = 0; j < nspace_declarations_count; j++) - if(nspace_declarations[j].nspace == element->attributes[j]->nspace) { + if(nspace_declarations[j].nspace == element->attributes[i]->nspace) { declare_me = 0; break; } |