You are viewing a plain text version of this content. The canonical link for it is here.
Posted to c-dev@xerces.apache.org by "Scott Cantor (Jira)" <xe...@xml.apache.org> on 2019/12/09 17:33:00 UTC
[jira] [Assigned] (XERCESC-2180) Handle surrogate pairs when
reading a QName instead of ASSERTing
[ https://issues.apache.org/jira/browse/XERCESC-2180?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Scott Cantor reassigned XERCESC-2180:
-------------------------------------
Assignee: (was: Alberto Massari)
> Handle surrogate pairs when reading a QName instead of ASSERTing
> ----------------------------------------------------------------
>
> Key: XERCESC-2180
> URL: https://issues.apache.org/jira/browse/XERCESC-2180
> Project: Xerces-C++
> Issue Type: Bug
> Components: Utilities
> Reporter: Alberto Massari
> Priority: Major
> Attachments: crash.xml
>
>
> As discovered by Vincent Ulitzsch:
> {quote}The assertion fails when parsing a malformed xml-file, we attached a crashing testcase. We would suggest fixing this assertion, since it opens up the possibility
> for Denial of Service attacks via malformed xml files.{quote}
> The code expects that tre transcoder places a pair of surrogate characters in the Unicode buffers, but the UTF16 transcoder simply copies the data without checking if it ends in the middle of a surrogate pair. So the fix is to replace the assertion with a request for more data, and if there is no data or if it's not the other part of the surrogate, exit the method as we would be doing if we found the invalid character inside the buffer
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: c-dev-unsubscribe@xerces.apache.org
For additional commands, e-mail: c-dev-help@xerces.apache.org