From 9c70a359f5786639c414c179f2d9ec9f9f245ed3 Mon Sep 17 00:00:00 2001
From: Nikias Bassen
Date: Tue, 7 Feb 2017 04:05:30 +0100
Subject: xplist: Really fix OOB read when parsing DOCTYPE
---
 src/xplist.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/xplist.c b/src/xplist.c
index 782a71c..1c166f5 100644
--- a/src/xplist.c
+++ b/src/xplist.c
@@ -876,7 +876,7 @@ static void node_from_xml(parse_ctx ctx, plist_t *plist, uint32_t depth)
 }
 if (embedded_dtd) {
 find_str(ctx, "]>", 2, 1);
- if (ctx->pos >= ctx->end || strncmp(ctx->pos, "]>", 2)) {
+ if (ctx->pos > ctx->end-2 || strncmp(ctx->pos, "]>", 2)) {
 PLIST_XML_ERR("Couldn't find end of DOCTYPE\n");
 ctx->err++;
 goto err_out;
-- cgit v1.1-32-gdbae
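Review bot: `ctx->end-2` in the new guard is computed with no visible proof that the buffer holds at least two bytes, so the comparison can involve a pointer before the start of the buffer. A remaining-length test expresses the same bound without that arithmetic: `if (ctx->end - ctx->pos < 2 || strncmp(ctx->pos, "]>", 2)) {`. A DOCTYPE has presumably already been consumed by this point, so the short-buffer case is likely unreachable in practice, but the length form also makes it obvious why two bytes are required before the `strncmp`. Since the subject says an earlier fix missed this case, any other `>= ctx->end` check followed by a multi-byte `strncmp` in `node_from_xml` is worth auditing for the same off-by-one. The function body extends outside the hunk, so that cannot be confirmed from here.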