authorGravatar Nikias Bassen2017-02-07 03:12:40 +0100
committerGravatar Nikias Bassen2017-02-07 03:12:40 +0100
commitfa4d1ce8a6d9c0f9b1d5bbcc82c675cac601daf5 (patch)
tree22122871eab0160315ae1a06e5461638199dafcc
parente4dc36f18a3ba06183168111052b7b4e213c740b (diff)
downloadlibplist-fa4d1ce8a6d9c0f9b1d5bbcc82c675cac601daf5.tar.gz
libplist-fa4d1ce8a6d9c0f9b1d5bbcc82c675cac601daf5.tar.bz2
xplist: Also fix OOB read in find_char() and find_str() functions
-rw-r--r--src/xplist.c8
1 files changed, 8 insertions, 0 deletions
diff --git a/src/xplist.c b/src/xplist.c
index d157200..d8d2d72 100644
--- a/src/xplist.c
+++ b/src/xplist.c
@@ -435,6 +435,10 @@ static void find_char(parse_ctx ctx, char c, int skip_quotes)
if (skip_quotes && (c != '"') && (*(ctx->pos) == '"')) {
ctx->pos++;
find_char(ctx, '"', 0);
+ if (ctx->pos >= ctx->end) {
+ PLIST_XML_ERR("EOF while looking for matching double quote\n");
+ return;
+ }
if (*(ctx->pos) != '"') {
PLIST_XML_ERR("Unmatched double quote\n");
return;
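Review bot: After the added EOF check returns, find_char cannot tell its caller that the quote was never closed, because the function is `static void` and the only signals are the log line and `ctx->pos` being at or past `ctx->end`. Every caller therefore has to re-test `ctx->pos >= ctx->end` before reading `*ctx->pos`, which is the same kind of out-of-bounds read this commit closes; the callers are outside the hunk, so this needs confirming there. The same applies to the identical check added to find_str in the next hunk. At minimum I would document the contract above both functions, e.g. `/* On EOF, returns with ctx->pos >= ctx->end; callers must check before reading *ctx->pos. */`. find_char's body starts and ends outside the hunk.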
@@ -453,6 +457,10 @@ static void find_str(parse_ctx ctx, const char *str, size_t len, int skip_quotes
if (skip_quotes && (*(ctx->pos) == '"')) {
ctx->pos++;
find_char(ctx, '"', 0);
+ if (ctx->pos >= ctx->end) {
+ PLIST_XML_ERR("EOF while looking for matching double quote\n");
+ return;
+ }
if (*(ctx->pos) != '"') {
PLIST_XML_ERR("Unmatched double quote\n");
return;
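Review bot: The four added lines in find_str are a verbatim copy of the ones added to find_char, message included. The quote-skipping sequence (`ctx->pos++`, `find_char(ctx, '"', 0)`, the EOF check, the unmatched-quote check) therefore exists twice and can drift apart on the next fix. A small `static` helper that performs the sequence and returns non-zero on failure would keep the bounds check in one place. find_str's body continues outside the hunk.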