diff options
| author |  Nikias Bassen | 2017-02-07 04:05:30 +0100 |
|---|---|---|
| committer | Nikias Bassen | 2017-02-07 04:05:30 +0100 |
| commit | 9c70a359f5786639c414c179f2d9ec9f9f245ed3 (patch) | |
| tree | 3d092438b5bec688de02259c8c7a63af9df195e5 | |
| parent | 322b2c9dc4d50ee466c3fb1263b10282009a63cc (diff) | |
| download | libplist-9c70a359f5786639c414c179f2d9ec9f9f245ed3.tar.gz libplist-9c70a359f5786639c414c179f2d9ec9f9f245ed3.tar.bz2 | |
xplist: Really fix OOB read when parsing DOCTYPE
| -rw-r--r-- | src/xplist.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/xplist.c b/src/xplist.c index 782a71c..1c166f5 100644 --- a/src/xplist.c +++ b/src/xplist.c @@ -876,7 +876,7 @@ static void node_from_xml(parse_ctx ctx, plist_t *plist, uint32_t depth) } if (embedded_dtd) { find_str(ctx, "]>", 2, 1); - if (ctx->pos >= ctx->end || strncmp(ctx->pos, "]>", 2)) { + if (ctx->pos > ctx->end-2 || strncmp(ctx->pos, "]>", 2)) { PLIST_XML_ERR("Couldn't find end of DOCTYPE\n"); ctx->err++; goto err_out; |