From 7a3ce8da05c3ce93121676e286ab4d40305b21bb Mon Sep 17 00:00:00 2001
From: Nikias Bassen
Date: Mon, 2 Jan 2017 00:20:15 +0100
Subject: xplist: Make sure to error out when encountering empty/incomplete
 entities

---
 src/xplist.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/xplist.c b/src/xplist.c
index b1bdd46..a7d0722 100644
--- a/src/xplist.c
+++ b/src/xplist.c
@@ -640,7 +640,8 @@ static int unescape_entities(char *str, size_t *length)
                 i++;
             }
             if (i >= len) {
-                break;
+                PLIST_XML_ERR("Invalid entity sequence encountered (missing terminating ';')\n");
+                return -1;
             }
             if (str+i >= entp+1) {
                 int entlen = str+i - entp;
@@ -714,6 +715,9 @@ static int unescape_entities(char *str, size_t *length)
                 i -= entlen+1 - bytelen;
                 len -= entlen+2 - bytelen;
                 continue;
+            } else {
+                PLIST_XML_ERR("Invalid empty entity sequence &;\n");
+                return -1;
             }
         }
         i++;
-- 
cgit v1.1-32-gdbae