153aa9179Sopenharmony_ciFrom 5d55315e32b34af7070d38060ccf9a60941b9696 Mon Sep 17 00:00:00 2001
253aa9179Sopenharmony_ciFrom: Nick Wellnhofer <wellnhofer@aevum.de>
353aa9179Sopenharmony_ciDate: Sat, 18 Feb 2023 17:29:07 +0100
453aa9179Sopenharmony_ciSubject: [PATCH] parser: Fix OOB read when formatting error message
553aa9179Sopenharmony_ci
653aa9179Sopenharmony_ciDon't try to print characters beyond the end of the buffer.
753aa9179Sopenharmony_ci
853aa9179Sopenharmony_ciFound by OSS-Fuzz.
953aa9179Sopenharmony_ci
1053aa9179Sopenharmony_ciReference:https://github.com/GNOME/libxml2/commit/5d55315e32b34af7070d38060ccf9a60941b9696
1153aa9179Sopenharmony_ciConflict:NA
1253aa9179Sopenharmony_ci---
1353aa9179Sopenharmony_ci parser.c | 6 +++++-
1453aa9179Sopenharmony_ci 1 file changed, 5 insertions(+), 1 deletion(-)
1553aa9179Sopenharmony_ci
1653aa9179Sopenharmony_cidiff --git a/parser.c b/parser.c
1753aa9179Sopenharmony_ciindex 37d7dec..c276a1a 100644
1853aa9179Sopenharmony_ci--- a/parser.c
1953aa9179Sopenharmony_ci+++ b/parser.c
2053aa9179Sopenharmony_ci@@ -12162,7 +12162,11 @@ done:
2153aa9179Sopenharmony_ci #endif
2253aa9179Sopenharmony_ci return(ret);
2353aa9179Sopenharmony_ci encoding_error:
2453aa9179Sopenharmony_ci- {
2553aa9179Sopenharmony_ci+ if (ctxt->input->end - ctxt->input->cur < 4) {
2653aa9179Sopenharmony_ci+ __xmlErrEncoding(ctxt, XML_ERR_INVALID_CHAR,
2753aa9179Sopenharmony_ci+ "Input is not proper UTF-8, indicate encoding !\n",
2853aa9179Sopenharmony_ci+ NULL, NULL);
2953aa9179Sopenharmony_ci+ } else {
3053aa9179Sopenharmony_ci char buffer[150];
3153aa9179Sopenharmony_ci
3253aa9179Sopenharmony_ci snprintf(buffer, 149, "Bytes: 0x%02X 0x%02X 0x%02X 0x%02X\n",
3353aa9179Sopenharmony_ci--
3453aa9179Sopenharmony_ci2.27.0
3553aa9179Sopenharmony_ci
36
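Review bot: The literal `4` in the new guard `ctxt->input->end - ctxt->input->cur < 4` is silently coupled to the four `0x%02X` conversions in the `snprintf` below it, and nothing in the code records that link. A comment above the `if`, such as `/* the byte dump below reads cur[0..3]; skip it when fewer than 4 bytes remain */`, would keep the bound and the dump in step if either is changed later. The `snprintf` arguments and the rest of the `else` body lie outside the hunk, so the reads of `cur[0]`..`cur[3]` are inferred from the format string rather than seen. If other encoding-error paths in the parser format bytes from `cur` in the same way, they would need the same length check. Since the defect was found by fuzzing, a regression input ending in a truncated multi-byte sequence would pin the fix.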