*** parserInternals.c.orig 2007-12-17 11:46:38.000000000 +0100
--- parserInternals.c 2007-12-17 11:46:47.000000000 +0100
*************** xmlCurrentChar(xmlParserCtxtPtr ctxt, in
*** 638,651 ****
c = *cur;
if (c & 0x80) {
! if (c == 0xC0)
goto encoding_error;
if (cur[1] == 0)
xmlParserInputGrow(ctxt->input, INPUT_CHUNK);
if ((cur[1] & 0xc0) != 0x80)
goto encoding_error;
if ((c & 0xe0) == 0xe0) {
-
if (cur[2] == 0)
xmlParserInputGrow(ctxt->input, INPUT_CHUNK);
if ((cur[2] & 0xc0) != 0x80)
--- 638,650 ----
c = *cur;
if (c & 0x80) {
! if (((c & 0x40) == 0) || (c == 0xC0))
goto encoding_error;
if (cur[1] == 0)
xmlParserInputGrow(ctxt->input, INPUT_CHUNK);
if ((cur[1] & 0xc0) != 0x80)
goto encoding_error;
if ((c & 0xe0) == 0xe0) {
if (cur[2] == 0)
xmlParserInputGrow(ctxt->input, INPUT_CHUNK);
if ((cur[2] & 0xc0) != 0x80)
*************** xmlCurrentChar(xmlParserCtxtPtr ctxt, in
*** 662,679 ****
--- 661,684 ----
val |= (cur[1] & 0x3f) << 12;
val |= (cur[2] & 0x3f) << 6;
val |= cur[3] & 0x3f;
+ if (val < 0x10000)
+ goto encoding_error;
} else {
/* 3-byte code */
*len = 3;
val = (cur[0] & 0xf) << 12;
val |= (cur[1] & 0x3f) << 6;
val |= cur[2] & 0x3f;
+ if (val < 0x800)
+ goto encoding_error;
}
} else {
/* 2-byte code */
*len = 2;
val = (cur[0] & 0x1f) << 6;
val |= cur[1] & 0x3f;
+ if (val < 0x80)
+ goto encoding_error;
}
if (!IS_CHAR(val)) {
xmlErrEncodingInt(ctxt, XML_ERR_INVALID_CHAR,
*************** xmlCurrentChar(xmlParserCtxtPtr ctxt, in
*** 683,688 ****
--- 688,700 ----
} else {
/* 1-byte code */
*len = 1;
+ if (*ctxt->input->cur == 0)
+ xmlParserInputGrow(ctxt->input, INPUT_CHUNK);
+ if ((*ctxt->input->cur == 0) &&
+ (ctxt->input->end > ctxt->input->cur)) {
+ xmlErrEncodingInt(ctxt, XML_ERR_INVALID_CHAR,
+ "Char 0x%X out of allowed range\n", val);
+ }
if (*ctxt->input->cur == 0xD) {
if (ctxt->input->cur[1] == 0xA) {
ctxt->nbChars++;
distrib
>
Scientific%20Linux
>
5x
>
x86_64
>
media
>
main-src
>
by-pkgid
>
6709f41e1c9c0ac6e610e609c299d4fb
>
files
>
32
