diff options
| author | Brian C. Young <bcyoung@google.com> | 2017-04-06 17:02:29 -0700 |
|---|---|---|
| committer | gitbuildkicker <android-build@google.com> | 2017-04-24 12:19:36 -0700 |
| commit | e1079e1b0184bafce2dd22a673686a74d742a62e (patch) | |
| tree | fd62c9c526e67b852b8c31ccdd75f2a516177c74 | |
| parent | 75de23d3e20c3c014ac79fa92241a1fed9f1a4e1 (diff) | |
| download | platform_external_libxml2-nougat-mr1-volantis-release.tar.gz platform_external_libxml2-nougat-mr1-volantis-release.tar.bz2 platform_external_libxml2-nougat-mr1-volantis-release.zip | |
DO NOT MERGE: Heap buffer overflow in xmlAddIDandroid-7.1.1_r58android-7.1.1_r53android-7.1.1_r49android-7.1.1_r46android-7.1.1_r43nougat-mr1-volantis-releasenougat-mr1-flounder-release
Patch from ddkilzer@apple.com
See https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=598
and https://bugzilla.gnome.org/show_bug.cgi?id=780228
Bug: 37104170
Change-Id: I0286459ff9066b664dc26f7f1ff65a1388de3d92
(cherry picked from commit eb80f32c3c9e5cb1cb6f6adc0bf35b3ec46c0963)
| -rw-r--r-- | valid.c | 4 |
1 files changed, 2 insertions, 2 deletions
@@ -4623,13 +4623,13 @@ xmlNodePtr elem, const xmlChar *prefix, xmlNsPtr ns, const xmlChar *value) { /* Validity Constraint: ID uniqueness */ if (attrDecl->atype == XML_ATTRIBUTE_ID) { - if (xmlAddID(ctxt, doc, value, (xmlAttrPtr) ns) == NULL) + if (xmlAddID(ctxt, doc, value, (xmlAttrPtr) attrDecl) == NULL) ret = 0; } if ((attrDecl->atype == XML_ATTRIBUTE_IDREF) || (attrDecl->atype == XML_ATTRIBUTE_IDREFS)) { - if (xmlAddRef(ctxt, doc, value, (xmlAttrPtr) ns) == NULL) + if (xmlAddRef(ctxt, doc, value, (xmlAttrPtr) attrDecl) == NULL) ret = 0; } |