author | Brian C. Young <bcyoung@google.com> | 2017-04-06 17:02:29 -0700 |
---|---|---|
committer | gitbuildkicker <android-build@google.com> | 2017-04-17 16:24:08 -0700 |
commit | 521b88fbb6d18312923f0df653d045384b500ffc (patch) | |
tree | fd62c9c526e67b852b8c31ccdd75f2a516177c74 | |
parent | 308396a55280f69ad4112d4f9892f4cbeff042aa (diff) | |
DO NOT MERGE: Heap buffer overflow in xmlAddID
Patch from ddkilzer@apple.com
See https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=598
and https://bugzilla.gnome.org/show_bug.cgi?id=780228
Bug: 37104170
Change-Id: I0286459ff9066b664dc26f7f1ff65a1388de3d92
(cherry picked from commit eb80f32c3c9e5cb1cb6f6adc0bf35b3ec46c0963)
-rw-r--r-- | valid.c | 4 |
1 files changed, 2 insertions, 2 deletions
@@ -4623,13 +4623,13 @@ xmlNodePtr elem, const xmlChar *prefix, xmlNsPtr ns, const xmlChar *value) {
 /* Validity Constraint: ID uniqueness */
 if (attrDecl->atype == XML_ATTRIBUTE_ID) {
- if (xmlAddID(ctxt, doc, value, (xmlAttrPtr) ns) == NULL)
+ if (xmlAddID(ctxt, doc, value, (xmlAttrPtr) attrDecl) == NULL)
 ret = 0;
 }
 if ((attrDecl->atype == XML_ATTRIBUTE_IDREF) || (attrDecl->atype == XML_ATTRIBUTE_IDREFS)) {
- if (xmlAddRef(ctxt, doc, value, (xmlAttrPtr) ns) == NULL)
+ if (xmlAddRef(ctxt, doc, value, (xmlAttrPtr) attrDecl) == NULL)
 ret = 0;
 } |
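Review bot: The replacement argument `(xmlAttrPtr) attrDecl` in both the xmlAddID and the xmlAddRef call is still an explicit pointer cast, so the compiler cannot check that the callee receives the node type it expects. The need for the cast suggests attrDecl is declared with a type other than xmlAttrPtr (its declaration is outside the hunk); if so, the ID and reference tables would keep a pointer that later code treats as an attribute node, and any field laid out differently between the two structures could be misread. If the cast is intentional, it should be documented at both call sites, for example `/* attrDecl is not an xmlAttr: xmlAddID/xmlAddRef may only use fields both structs share */`. Otherwise consider skipping ID/IDREF registration for namespace declarations. A regression test built from the fuzzer input in the referenced oss-fuzz issue would pin the fix.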