xplist: Really fix OOB read when parsing DOCTYPE

commit: 9c70a359f5786639c414c179f2d9ec9f9f245ed3 [log] [tgz]
author: Nikias Bassen <nikias@gmx.li> Tue Feb 07 04:05:30 2017 +0100
committer: Nikias Bassen <nikias@gmx.li> Tue Feb 07 04:05:30 2017 +0100
tree: 3d092438b5bec688de02259c8c7a63af9df195e5
parent: 322b2c9dc4d50ee466c3fb1263b10282009a63cc [diff]
diff --git a/src/xplist.c b/src/xplist.c
index 782a71c..1c166f5 100644
--- a/src/xplist.c
+++ b/src/xplist.c

@@ -876,7 +876,7 @@
                 }
                 if (embedded_dtd) {
                     find_str(ctx, "]>", 2, 1);
-                    if (ctx->pos >= ctx->end || strncmp(ctx->pos, "]>", 2)) {
+                    if (ctx->pos > ctx->end-2 || strncmp(ctx->pos, "]>", 2)) {
                         PLIST_XML_ERR("Couldn't find end of DOCTYPE\n");
                         ctx->err++;
                         goto err_out;
commit	9c70a359f5786639c414c179f2d9ec9f9f245ed3	[log] [tgz]
author	Nikias Bassen <nikias@gmx.li>	Tue Feb 07 04:05:30 2017 +0100
committer	Nikias Bassen <nikias@gmx.li>	Tue Feb 07 04:05:30 2017 +0100
tree	3d092438b5bec688de02259c8c7a63af9df195e5
parent	322b2c9dc4d50ee466c3fb1263b10282009a63cc [diff]