diff options
| author | 2016-10-31 02:51:12 +0100 | |
|---|---|---|
| committer | 2016-10-31 02:51:12 +0100 | |
| commit | 0be2a22a6504635bb89d4fe4402a9dbe851898d4 (patch) | |
| tree | 159e0f0f407581108204b087db07010c0c268453 /src/plist.h | |
| parent | 6b9ab336fe3408a4f073a487f5265a1a2ed101f7 (diff) | |
| download | libplist-0be2a22a6504635bb89d4fe4402a9dbe851898d4.tar.gz libplist-0be2a22a6504635bb89d4fe4402a9dbe851898d4.tar.bz2 | |
xplist: Prevent heap buffer overflow when parsing empty tags
If `ctx->pos - p - 1` is greater than `taglen`, we end up writing outside
the buffer pointed to by `tag`. This commit fixes it by checking the bounds
of the heap buffer before writing.
Diffstat (limited to 'src/plist.h')
0 files changed, 0 insertions, 0 deletions
