From fa4d1ce8a6d9c0f9b1d5bbcc82c675cac601daf5 Mon Sep 17 00:00:00 2001
From: Nikias Bassen
Date: Tue, 7 Feb 2017 03:12:40 +0100
Subject: xplist: Also fix OOB read in find_char() and find_str() functions
---
 src/xplist.c | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/src/xplist.c b/src/xplist.c
index d157200..d8d2d72 100644
--- a/src/xplist.c
+++ b/src/xplist.c
@@ -435,6 +435,10 @@ static void find_char(parse_ctx ctx, char c, int skip_quotes)
 if (skip_quotes && (c != '"') && (*(ctx->pos) == '"')) {
 ctx->pos++;
 find_char(ctx, '"', 0);
+ if (ctx->pos >= ctx->end) {
+ PLIST_XML_ERR("EOF while looking for matching double quote\n");
+ return;
+ }
 if (*(ctx->pos) != '"') {
 PLIST_XML_ERR("Unmatched double quote\n");
 return;
@@ -453,6 +457,10 @@ static void find_str(parse_ctx ctx, const char *str, size_t len, int skip_quotes
 if (skip_quotes && (*(ctx->pos) == '"')) {
 ctx->pos++;
 find_char(ctx, '"', 0);
+ if (ctx->pos >= ctx->end) {
+ PLIST_XML_ERR("EOF while looking for matching double quote\n");
+ return;
+ }
 if (*(ctx->pos) != '"') {
 PLIST_XML_ERR("Unmatched double quote\n");
 return;
-- 
cgit v1.1-32-gdbae
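Review bot: The new `ctx->pos >= ctx->end` branch in find_char() recovers silently: the function returns void, so the only signal left for the enclosing loop and for find_char()'s callers is that ctx->pos now equals ctx->end, and whether every one of them re-tests that before the next `*(ctx->pos)` read cannot be confirmed from the hunk (the loop header and the rest of the body are outside it). A comment on that return would at least make the contract explicit, e.g. `/* ctx->pos == ctx->end here: callers must re-check pos < end before dereferencing */`. The same eight lines now appear verbatim in find_char() and in find_str() (second hunk), which is presumably how one site was missed the first time; hoisting them into one static helper keeps the bounds check in a single place and lets both callers report failure the same way. The helper calls find_char() and is called by it, so one of the two needs a prototype ahead of its definition.
```c
/* Skip a double-quoted run: ctx->pos is just past the opening '"'.
 * Returns 0 with ctx->pos on the closing quote, -1 after reporting an
 * error (ctx->pos is then >= ctx->end or on a non-quote byte). */
static int skip_quoted(parse_ctx ctx)
{
    find_char(ctx, '"', 0);
    if (ctx->pos >= ctx->end) {
        PLIST_XML_ERR("EOF while looking for matching double quote\n");
        return -1;
    }
    if (*(ctx->pos) != '"') {
        PLIST_XML_ERR("Unmatched double quote\n");
        return -1;
    }
    return 0;
}

/* … unchanged: find_char() up to the skip_quotes test … */
    if (skip_quotes && (c != '"') && (*(ctx->pos) == '"')) {
        ctx->pos++;
        if (skip_quoted(ctx) < 0)
            return;
/* … unchanged: rest of find_char(); same replacement in find_str() … */
```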