diff options
| author | Brian C. Young <bcyoung@google.com> | 2017-04-06 17:02:29 -0700 |
|---|---|---|
| committer | gitbuildkicker <android-build@google.com> | 2017-04-19 10:59:11 -0700 |
| commit | 74892a3b064dc100248f7580e300ac82fd1a63d0 (patch) | |
| tree | fd62c9c526e67b852b8c31ccdd75f2a516177c74 | |
| parent | cb2045077daff67156d1598b87956f8052d7bef2 (diff) | |
| download | platform_external_libxml2-nougat-mr1.5-release.tar.gz platform_external_libxml2-nougat-mr1.5-release.tar.bz2 platform_external_libxml2-nougat-mr1.5-release.zip | |
DO NOT MERGE: Heap buffer overflow in xmlAddIDandroid-7.1.1_r57android-7.1.1_r56android-7.1.1_r55android-7.1.1_r52android-7.1.1_r50android-7.1.1_r48android-7.1.1_r45android-7.1.1_r42nougat-mr1.7-releasenougat-mr1.6-releasenougat-mr1.5-release
Patch from ddkilzer@apple.com
See https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=598
and https://bugzilla.gnome.org/show_bug.cgi?id=780228
Bug: 37104170
Change-Id: I0286459ff9066b664dc26f7f1ff65a1388de3d92
(cherry picked from commit eb80f32c3c9e5cb1cb6f6adc0bf35b3ec46c0963)
| -rw-r--r-- | valid.c | 4 |
1 files changed, 2 insertions, 2 deletions
@@ -4623,13 +4623,13 @@ xmlNodePtr elem, const xmlChar *prefix, xmlNsPtr ns, const xmlChar *value) { /* Validity Constraint: ID uniqueness */ if (attrDecl->atype == XML_ATTRIBUTE_ID) { - if (xmlAddID(ctxt, doc, value, (xmlAttrPtr) ns) == NULL) + if (xmlAddID(ctxt, doc, value, (xmlAttrPtr) attrDecl) == NULL) ret = 0; } if ((attrDecl->atype == XML_ATTRIBUTE_IDREF) || (attrDecl->atype == XML_ATTRIBUTE_IDREFS)) { - if (xmlAddRef(ctxt, doc, value, (xmlAttrPtr) ns) == NULL) + if (xmlAddRef(ctxt, doc, value, (xmlAttrPtr) attrDecl) == NULL) ret = 0; } |