diff options
| author |  Nikias Bassen | 2017-02-09 13:26:15 +0100 |
|---|---|---|
| committer | Nikias Bassen | 2017-02-09 13:26:15 +0100 |
| commit | 47d02dde60b4c709d579aa22187ac55524485b97 (patch) | |
| tree | 6bb91d6aff257b794233786f6c100b6ddda01664 | |
| parent | 1bf28fb685f0ec46db3495004fa5fadb3d9d10ad (diff) | |
| download | libplist-47d02dde60b4c709d579aa22187ac55524485b97.tar.gz libplist-47d02dde60b4c709d579aa22187ac55524485b97.tar.bz2 | |
xplist: Prevent assert when parsing CF$UID dict with invalid value node
Credit to OSS-Fuzz
| -rw-r--r-- | src/xplist.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/src/xplist.c b/src/xplist.c index 5f63a94..f5ddddd 100644 --- a/src/xplist.c +++ b/src/xplist.c @@ -1178,6 +1178,11 @@ static void node_from_xml(parse_ctx ctx, plist_t *plist, uint32_t depth) plist_t uid = plist_dict_get_item(subnode, "CF$UID"); if (uid) { uint64_t val = 0; + if (plist_get_node_type(uid) != PLIST_UINT) { + ctx->err++; + PLIST_XML_ERR("Invalid node type for CF$UID dict entry (must be PLIST_UINT)\n"); + goto err_out; + } plist_get_uint_val(uid, &val); plist_dict_remove_item(subnode, "CF$UID"); plist_data_t nodedata = plist_get_data((node_t*)subnode); |