commit | 0be2a22a6504635bb89d4fe4402a9dbe851898d4 | [log] [tgz] |
---|---|---|
author | Filippo Bigarella <filippobigarella@gmail.com> | Mon Oct 31 02:51:12 2016 +0100 |
committer | Nikias Bassen <nikias@gmx.li> | Mon Oct 31 02:51:12 2016 +0100 |
tree | 159e0f0f407581108204b087db07010c0c268453 | |
parent | 6b9ab336fe3408a4f073a487f5265a1a2ed101f7 [diff] |
xplist: Prevent heap buffer overflow when parsing empty tags If `ctx->pos - p - 1` is greater than `taglen`, we end up writing outside the buffer pointed to by `tag`. This commit fixes it by checking the bounds of the heap buffer before writing.