From 234c41cd7eead5e5a68dbaa80d26335a19cd1d83 Mon Sep 17 00:00:00 2001
From: Nikias Bassen
Date: Tue, 7 Feb 2017 03:21:52 +0100
Subject: xplist: Fix OOB read when parsing DOCTYPE
---
 src/xplist.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/xplist.c b/src/xplist.c
index d8d2d72..ec00410 100644
--- a/src/xplist.c
+++ b/src/xplist.c
@@ -875,7 +875,7 @@ static void node_from_xml(parse_ctx ctx, plist_t *plist, uint32_t depth)
 }
 if (embedded_dtd) {
 find_str(ctx, "]>", 2, 1);
- if (strncmp(ctx->pos, "]>", 2)) {
+ if (ctx->pos >= ctx->end || strncmp(ctx->pos, "]>", 2)) {
 PLIST_XML_ERR("Couldn't find end of DOCTYPE\n");
 ctx->err++;
 goto err_out;
-- cgit v1.1-32-gdbae
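Review bot: The added guard in the `embedded_dtd` branch only proves that one byte remains at `ctx->pos`, while the `strncmp` that follows can compare two. If `find_str` can leave `ctx->pos` at `ctx->end - 1` (its body is not visible here) and the input buffer is not NUL-terminated, a `]` as the last byte would still lead to a one-byte read past the end. Checking the remaining length against the needle length would close that case: `if (ctx->end - ctx->pos < 2 || strncmp(ctx->pos, "]>", 2)) {`. `node_from_xml` starts and ends outside this hunk, so any other `find_str` call followed by a fixed-length compare in it is worth checking for the same pattern.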