DO NOT MERGE: Heap buffer overflow in xmlAddID
Patch from ddkilzer@apple.com
See https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=598
and https://bugzilla.gnome.org/show_bug.cgi?id=780228

Bug: 37104170
Change-Id: I0286459ff9066b664dc26f7f1ff65a1388de3d92
(cherry picked from commit eb80f32c3c9e5cb1cb6f6adc0bf35b3ec46c0963)
Brian C. Young authored and andi34 committed Jun 16, 2017
1 parent d697903 commit 3961607
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions valid.c
Expand Up @@ -4622,13 +4622,13 @@ xmlNodePtr elem, const xmlChar *prefix, xmlNsPtr ns, const xmlChar *value) {

/* Validity Constraint: ID uniqueness */
if (attrDecl->atype == XML_ATTRIBUTE_ID) {
if (xmlAddID(ctxt, doc, value, (xmlAttrPtr) ns) == NULL)
if (xmlAddID(ctxt, doc, value, (xmlAttrPtr) attrDecl) == NULL)
ret = 0;
}

if ((attrDecl->atype == XML_ATTRIBUTE_IDREF) ||
(attrDecl->atype == XML_ATTRIBUTE_IDREFS)) {
if (xmlAddRef(ctxt, doc, value, (xmlAttrPtr) ns) == NULL)
if (xmlAddRef(ctxt, doc, value, (xmlAttrPtr) attrDecl) == NULL)
ret = 0;
}
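
Review bot: The replacement argument in both calls, `(xmlAttrPtr) attrDecl`, still needs an explicit cast, so `xmlAddID` and `xmlAddRef` are still handed an object that is not an attribute node: `attrDecl` is the attribute declaration whose `atype` is tested just above, while these functions treat the pointer as an `xmlAttrPtr`. This stops the read past the smaller `xmlNs` object that `ns` points to (the hunk header shows `ns` is an `xmlNsPtr`), but the ID and ref tables then hold a declaration where later users expect an attribute. Either add a comment at both call sites explaining why the two layouts are compatible for every field those functions and the table consumers touch, or skip ID/IDREF registration for namespace declarations altogether and leave `ret` unchanged. A regression test built from the referenced oss-fuzz report would also be worth adding with this change.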
