[ https://issues.apache.org/jira/browse/XERCESC-2180?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Scott Cantor closed XERCESC-2180.
---------------------------------

> Handle surrogate pairs when reading a QName instead of ASSERTing
> ----------------------------------------------------------------
>
> Key: XERCESC-2180
> URL: https://issues.apache.org/jira/browse/XERCESC-2180
> Project: Xerces-C++
> Issue Type: Bug
> Components: Miscellaneous
> Affects Versions: 3.2.0, 3.2.1, 3.2.2
> Reporter: Alberto Massari
> Assignee: Alberto Massari
> Priority: Major
> Fix For: 3.2.3
>
> Attachments: crash.xml
>
>
> As discovered by Vincent Ulitzsch:
> {quote}The assertion fails when parsing a malformed xml-file, we attached a
> crashing testcase. We would suggest fixing this assertion, since it opens up
> the possibility
> for Denial of Service attacks via malformed xml files.{quote}
> The code expects that the transcoder places a pair of surrogate characters in
> the Unicode buffers, but the UTF16 transcoder simply copies the data without
> checking if it ends in the middle of a surrogate pair. So the fix is to
> replace the assertion with a request for more data, and if there is no data
> or if it's not the other part of the surrogate, exit the method as we would
> be doing if we found the invalid character inside the buffer.
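The behaviour the issue describes, as an added illustration that is not Xerces-C++ code: a name scanner over UTF-16 input delivered in chunks, which asks for more data when a lead surrogate is the last unit in the buffer and stops the name, as for any invalid character, when no trail surrogate follows. `ChunkedReader`, `scanName`, `scanChunks` and the simplified name-character test are hypothetical names and assumptions made for this example.

```cpp
#include <algorithm>
#include <cstddef>
#include <vector>

// Hypothetical chunked input: a buffer can end between the halves of a pair.
struct ChunkedReader {
    std::vector<char16_t> src;  // constructed sample input
    std::size_t chunk = 1;      // code units delivered per refill
    std::size_t next = 0;       // next undelivered unit in src
    std::vector<char16_t> buf;  // current buffer
    std::size_t pos = 0;        // read index into buf
    // Drop consumed units, keep the unread tail, append more; false if none left.
    bool refill() {
        buf.erase(buf.begin(), buf.begin() + pos);
        pos = 0;
        std::size_t n = std::min(chunk, src.size() - next);
        buf.insert(buf.end(), src.begin() + next, src.begin() + next + n);
        next += n;
        return n > 0;
    }
};

// Lead surrogates D800-DB7F cover U+10000-U+EFFFF, the XML 1.0 NameChar range.
static bool isNameLead(char16_t c) { return c >= 0xD800 && c <= 0xDB7F; }
static bool isTrail(char16_t c) { return c >= 0xDC00 && c <= 0xDFFF; }
// Simplified BMP name test (assumption): ASCII letters, digits and "_-.:" only.
static bool isNameBmp(char16_t c) {
    return (c >= u'a' && c <= u'z') || (c >= u'A' && c <= u'Z') ||
           (c >= u'0' && c <= u'9') || c == u'_' || c == u'-' || c == u'.' || c == u':';
}

// Returns how many code units were accepted as name characters.
std::size_t scanName(ChunkedReader& r) {
    std::size_t taken = 0;
    for (;;) {
        if (r.pos == r.buf.size() && !r.refill()) break;  // end of input
        char16_t c = r.buf[r.pos];
        if (isNameLead(c)) {
            // Lead is the last unit buffered: request more data, do not assert.
            if (r.pos + 1 == r.buf.size() && !r.refill()) break;  // truncated pair
            if (!isTrail(r.buf[r.pos + 1])) break;  // unpaired lead: invalid char
            r.pos += 2; taken += 2;
        } else if (isNameBmp(c)) {
            ++r.pos; ++taken;
        } else break;  // first non-name character ends the name
    }
    return taken;
}
std::size_t scanChunks(std::vector<char16_t> s, std::size_t chunk) {  // hypothetical helper
    ChunkedReader r; r.src = s; r.chunk = chunk; return scanName(r);
}
```
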