代码拉取完成,页面将自动刷新
同步操作将从 src-openEuler/libxml2 强制同步,此操作会覆盖自 Fork 仓库以来所做的任何修改,且无法恢复!!!
确定后同步将在后台操作,完成时将刷新页面,请耐心等待。
From b9bdb9dbfda8f591f1797ad90f900bf44ad39d45 Mon Sep 17 00:00:00 2001
From: Nick Wellnhofer <wellnhofer@aevum.de>
Date: Tue, 19 Mar 2019 17:44:51 +0100
Subject: [PATCH 13/37] Check for integer overflow in xmlXPtrEvalChildSeq
Found with libFuzzer and UBSan.
---
xpointer.c | 14 ++++++++++++--
1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/xpointer.c b/xpointer.c
index 6a41f07..0467411 100644
--- a/xpointer.c
+++ b/xpointer.c
@@ -1202,13 +1202,23 @@ xmlXPtrEvalChildSeq(xmlXPathParserContextPtr ctxt, xmlChar *name) {
}
while (CUR == '/') {
- int child = 0;
+ int child = 0, overflow = 0;
NEXT;
while ((CUR >= '0') && (CUR <= '9')) {
- child = child * 10 + (CUR - '0');
+ int d = CUR - '0';
+ if (child > INT_MAX / 10)
+ overflow = 1;
+ else
+ child *= 10;
+ if (child > INT_MAX - d)
+ overflow = 1;
+ else
+ child += d;
NEXT;
}
+ if (overflow)
+ child = 0;
xmlXPtrGetChildNo(ctxt, child);
}
}
--
1.8.3.1
此处可能存在不合适展示的内容,页面不予展示。您可通过相关编辑功能自查并修改。
如您确认内容无涉及 不当用语 / 纯广告导流 / 暴力 / 低俗色情 / 侵权 / 盗版 / 虚假 / 无价值内容或违法国家有关法律法规的内容,可点击提交进行申诉,我们将尽快为您处理。