commit | b9d9cacf224773f3fee756e7d8940be4ffee199c | [log] [tgz] |
---|---|---|
author | Brian C. Young <bcyoung@google.com> | Mon Apr 03 12:39:04 2017 -0700 |
committer | JP Sugarbroad <jpsugar@google.com> | Thu Apr 13 19:55:32 2017 +0000 |
tree | 14940d6ea777c7525d71d217a2842eef464d0bf4 | |
parent | cb49e764a467ce03c0da861c7d05fa75dcd4d915 [diff] |
DO NOT MERGE: Disallow namespace nodes in XPointer ranges Namespace nodes must be copied to avoid use-after-free errors. But they don't necessarily have a physical representation in a document, so simply disallow them in XPointer ranges. Found with afl-fuzz. Fixes CVE-2016-4658. Bug: 36554207 Change-Id: Ie570c4a53ae8ca82ed4ca19701ab7d8ba9b0468f (cherry picked from commit 802cd32b480db799d282557ebbfddc1cf074be5f)