[ https://issues.apache.org/jira/browse/XERCESC-2180?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Scott Cantor closed XERCESC-2180.
---------------------------------

> Handle surrogate pairs when reading a QName instead of ASSERTing
> ----------------------------------------------------------------
>
>                 Key: XERCESC-2180
>                 URL: https://issues.apache.org/jira/browse/XERCESC-2180
>             Project: Xerces-C++
>          Issue Type: Bug
>          Components: Miscellaneous
>    Affects Versions: 3.2.0, 3.2.1, 3.2.2
>            Reporter: Alberto Massari
>            Assignee: Alberto Massari
>            Priority: Major
>             Fix For: 3.2.3
>
>         Attachments: crash.xml
>
>
> As discovered by Vincent Ulitzsch:
> {quote}The assertion fails when parsing a malformed xml-file, we attached a 
> crashing testcase. We would suggest fixing this assertion, since it opens up 
> the possibility for Denial of Service attacks via malformed xml files.{quote}
> The code expects that the transcoder places a pair of surrogate characters in 
> the Unicode buffers, but the UTF16 transcoder simply copies the data without 
> checking if it ends in the middle of a surrogate pair. So the fix is to 
> replace the assertion with a request for more data, and if there is no data 
> or if it's not the other part of the surrogate, exit the method as we would 
> be doing if we found the invalid character inside the buffer.



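The behaviour described in the issue, as an added example that is not part of the original message and is not Xerces-C++ source: a name scanner over chunked UTF-16 input that asks for more data when a chunk ends on a high surrogate, and stops as for any invalid character when no low surrogate follows. `ChunkReader`, `scanName` and the reduced name-character table are hypothetical names chosen for this illustration.

```cpp
// Added illustration, not Xerces-C++ source. ChunkReader, scanName and the
// simplified name-character table are hypothetical.
#include <cstddef>
#include <cstdio>
#include <string>
static bool isHigh(char16_t c) { return c >= 0xD800 && c <= 0xDBFF; }
static bool isLow(char16_t c)  { return c >= 0xDC00 && c <= 0xDFFF; }
static bool isNameChar(char32_t c) {  // stand-in for the real XML name tables
    return (c >= U'a' && c <= U'z') || (c >= U'A' && c <= U'Z') ||
           (c >= U'0' && c <= U'9') || c == U'_' || (c >= 0x10000 && c <= 0xEFFFF);
}

// Hands out the input in fixed-size chunks, like a transcoder that copies
// UTF-16 units without checking whether a chunk ends inside a surrogate pair.
struct ChunkReader {
    std::u16string src, buf;
    std::size_t chunk, next = 0, pos = 0;
    ChunkReader(const std::u16string& s, std::size_t n) : src(s), chunk(n) {}
    bool refill() {  // keep the unread tail, append the next chunk
        if (next >= src.size()) return false;
        buf.erase(0, pos); pos = 0;
        buf += src.substr(next, chunk); next += chunk;
        return true;
    }
};

// Returns how many UTF-16 units were accepted as name characters.
std::size_t scanName(ChunkReader& r) {
    std::size_t taken = 0;
    for (;;) {
        if (r.pos == r.buf.size() && !r.refill()) return taken;
        char16_t c = r.buf[r.pos];
        if (!isHigh(c)) {
            if (!isNameChar(c)) return taken;  // also rejects a lone low surrogate
            r.pos += 1; taken += 1; continue;
        }
        // High surrogate is the last unit buffered: request more data, no assert.
        if (r.pos + 1 == r.buf.size() && !r.refill()) return taken;
        char16_t lo = r.buf[r.pos + 1];
        if (!isLow(lo)) return taken;  // same exit as an invalid char mid-buffer
        char32_t cp = 0x10000 + ((char32_t(c) - 0xD800) << 10) + (lo - 0xDC00);
        if (!isNameChar(cp)) return taken;
        r.pos += 2; taken += 2;
    }
}

int main() {  // constructed input: "ab", U+10400 split across two chunks, "c"
    ChunkReader r({u'a', u'b', char16_t(0xD801), char16_t(0xDC00), u'c'}, 3);
    std::printf("%zu\n", scanName(r));
}
```

With a chunk size of 3 the pair straddles the boundary; a truncated or unpaired high surrogate ends the scan at the same position whether it falls at the chunk edge or in the middle of a buffer.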