Alberto Massari created XERCESC-2180:
----------------------------------------

             Summary: Handle surrogate pairs when reading a QName instead of ASSERTing
                 Key: XERCESC-2180
                 URL: https://issues.apache.org/jira/browse/XERCESC-2180
             Project: Xerces-C++
          Issue Type: Bug
          Components: Utilities
            Reporter: Alberto Massari
            Assignee: Alberto Massari
         Attachments: crash.xml

As discovered by Vincent Ulitzsch:

 {quote}The assertion fails when parsing a malformed xml-file, we attached a
crashing testcase. We would suggest fixing this assertion, since it opens up
the possibility for Denial of Service attacks via malformed xml files.{quote}

The code expects that the transcoder places a pair of surrogate characters in
the Unicode buffers, but the UTF16 transcoder simply copies the data without
checking if it ends in the middle of a surrogate pair. So the fix is to replace
the assertion with a request for more data, and if there is no data or if it's
not the other part of the surrogate, exit the method as we would be doing if we
found the invalid character inside the buffer.
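
The approach described above, as an added sketch that is not the Xerces-C++ source or the committed fix: a name scanner that asks for more data when a high surrogate is the last unit in the buffer, and stops as for any invalid character when no valid low surrogate follows. `ChunkReader`, `getName`, `scanName` and the simplified name-character test are hypothetical names and assumptions made for this example.

```cpp
#include <algorithm>
#include <cstddef>
#include <string>
#include <utility>

// Hypothetical refillable buffer: delivers UTF-16 input `chunk` units at a time, so a
// buffer can end in mid-pair, as with a transcoder that copies raw code units.
struct ChunkReader {
    std::u16string src, buf;
    std::size_t chunk, pos = 0, idx = 0;
    ChunkReader(std::u16string s, std::size_t c) : src(std::move(s)), chunk(c ? c : 1) {}
    bool refill() {                       // append more data; false at end of input
        if (pos >= src.size()) return false;
        std::size_t n = std::min(chunk, src.size() - pos);
        buf.append(src, pos, n);          // demo only: a real buffer would compact
        pos += n;
        return true;
    }
};

static bool isHigh(char16_t c) { return c >= 0xD800 && c <= 0xDBFF; }
static bool isLow(char16_t c)  { return c >= 0xDC00 && c <= 0xDFFF; }
// Simplified stand-in for the XML name-character tables (assumption).
static bool isNameUnit(char16_t c) {
    return (c >= u'a' && c <= u'z') || (c >= u'A' && c <= u'Z') ||
           (c >= u'0' && c <= u'9') || c == u'_' || c == u'-' || c == u'.' || c == u':';
}

// Scans name characters, leaving r.idx on the first unit that is not part of the name.
std::u16string getName(ChunkReader& r) {
    std::u16string name;
    for (;;) {
        if (r.idx == r.buf.size() && !r.refill()) break;         // end of input
        char16_t c = r.buf[r.idx];
        if (isHigh(c)) {
            // Pair may straddle the buffer end: request more data instead of asserting.
            if (r.idx + 1 == r.buf.size() && !r.refill()) break;  // truncated pair
            if (!isLow(r.buf[r.idx + 1])) break;                  // not the other half
            name.append(r.buf, r.idx, 2);  // simplification: any valid pair is accepted
            r.idx += 2;
        } else if (isNameUnit(c)) { name.push_back(c); ++r.idx; }
        else break;                        // invalid character, including a lone low half
    }
    return name;
}

std::u16string scanName(const std::u16string& input, std::size_t chunk) {
    ChunkReader r(input, chunk);
    return getName(r);
}
```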


