Google Git
Sign in
android/platform/external/libxml2/b9d9cac
commit
b9d9cacf224773f3fee756e7d8940be4ffee199c
[log]
author
Brian C. Young <bcyoung@google.com>
Mon Apr 03 12:39:04 2017 -0700
committer
JP Sugarbroad <jpsugar@google.com>
Thu Apr 13 19:55:32 2017 +0000
tree
14940d6ea777c7525d71d217a2842eef464d0bf4
parent
cb49e764a467ce03c0da861c7d05fa75dcd4d915 [diff]
DO NOT MERGE: Disallow namespace nodes in XPointer ranges

Namespace nodes must be copied to avoid use-after-free errors.
But they don't necessarily have a physical representation in a
document, so simply disallow them in XPointer ranges.

Found with afl-fuzz.

Fixes CVE-2016-4658.

Bug: 36554207
Change-Id: Ie570c4a53ae8ca82ed4ca19701ab7d8ba9b0468f
(cherry picked from commit 802cd32b480db799d282557ebbfddc1cf074be5f)
1 file changed
tree: 14940d6ea777c7525d71d217a2842eef464d0bf4
  1. bakefile/
  2. doc/
  3. example/
  4. include/
  5. macos/
  6. optim/
  7. os400/
  8. python/
  9. result/
  10. test/
  11. vms/
  12. VxWorks/
  13. win32/
  14. xstc/
  15. NOTICECopyright
  16. .gitignore
  17. acinclude.m4
  18. Android.mk
  19. AUTHORS
  20. autogen.sh
  21. buf.c
  22. buf.h
  23. build_glob.py
  24. c14n.c
  25. catalog.c
  26. ChangeLog
  27. check-relaxng-test-suite.py
  28. check-relaxng-test-suite2.py
  29. check-xinclude-test-suite.py
  30. check-xml-test-suite.py
  31. check-xsddata-test-suite.py
  32. chvalid.c
  33. chvalid.def
  34. CleanSpec.mk
  35. config.h
  36. configure.ac
  37. Copyright
  38. dbgen.pl
  39. dbgenattr.pl
  40. debugXML.c
  41. dict.c
  42. DOCBparser.c
  43. elfgcchack.h
  44. enc.h
  45. encoding.c
  46. entities.c
  47. error.c
  48. genChRanges.py
  49. gentest.py
  50. genUnicode.py
  51. global.data
  52. globals.c
  53. HACKING
  54. hash.c
  55. HTMLparser.c
  56. HTMLtree.c
  57. INSTALL.libxml2
  58. legacy.c
  59. libxml-2.0-uninstalled.pc.in
  60. libxml-2.0.pc.in
  61. libxml.3
  62. libxml.h
  63. libxml.m4
  64. libxml.spec.in
  65. libxml2-config.cmake.in
  66. libxml2.doap
  67. libxml2.syms
  68. list.c
  69. MAINTAINERS
  70. Makefile.am
  71. Makefile.tests
  72. Makefile.win
  73. MODULE_LICENSE_MIT
  74. nanoftp.c
  75. nanohttp.c
  76. NEWS
  77. parser.c
  78. parserInternals.c
  79. pattern.c
  80. README
  81. README.cvs-commits
  82. README.tests
  83. regressions.py
  84. regressions.xml
  85. relaxng.c
  86. rngparser.c
  87. runsuite.c
  88. runtest.c
  89. runxmlconf.c
  90. save.h
  91. SAX.c
  92. SAX2.c
  93. schematron.c
  94. testapi.c
  95. testAutomata.c
  96. testC14N.c
  97. testchar.c
  98. testdict.c
  99. testdso.c
  100. testHTML.c
  101. testlimits.c
  102. testModule.c
  103. testOOM.c
  104. testOOMlib.c
  105. testOOMlib.h
  106. testReader.c
  107. testrecurse.c
  108. testRegexp.c
  109. testRelax.c
  110. testSAX.c
  111. testSchemas.c
  112. testThreads.c
  113. testThreadsWin32.c
  114. testURI.c
  115. testXPath.c
  116. threads.c
  117. timsort.h
  118. TODO
  119. TODO_SCHEMAS
  120. tree.c
  121. trio.c
  122. trio.h
  123. triodef.h
  124. trionan.c
  125. trionan.h
  126. triop.h
  127. triostr.c
  128. triostr.h
  129. uri.c
  130. valid.c
  131. xinclude.c
  132. xlink.c
  133. xml2-config.1
  134. xml2-config.in
  135. xml2Conf.sh.in
  136. xmlcatalog.c
  137. xmlIO.c
  138. xmllint.c
  139. xmlmemory.c
  140. xmlmodule.c
  141. xmlreader.c
  142. xmlregexp.c
  143. xmlsave.c
  144. xmlschemas.c
  145. xmlschemastypes.c
  146. xmlstring.c
  147. xmlunicode.c
  148. xmlwriter.c
  149. xpath.c
  150. xpointer.c
  151. xzlib.c
  152. xzlib.h