You are viewing a plain text version of this content. The canonical link for it is here.
Posted to c-dev@xerces.apache.org by "Scott Cantor (Jira)" <xe...@xml.apache.org> on 2019/12/09 17:33:00 UTC
[jira] [Commented] (XERCESC-2180) Handle surrogate pairs when
reading a QName instead of ASSERTing
[ https://issues.apache.org/jira/browse/XERCESC-2180?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16991794#comment-16991794 ]
Scott Cantor commented on XERCESC-2180:
---------------------------------------
I don't have the capacity personally to ever touch any of the trancoding or Unicode logic without a patch, it would be too risky. If you had a patch to suggest that would go a long way, but even then we would have to be pretty careful about things.
> Handle surrogate pairs when reading a QName instead of ASSERTing
> ----------------------------------------------------------------
>
> Key: XERCESC-2180
> URL: https://issues.apache.org/jira/browse/XERCESC-2180
> Project: Xerces-C++
> Issue Type: Bug
> Components: Utilities
> Reporter: Alberto Massari
> Assignee: Alberto Massari
> Priority: Major
> Attachments: crash.xml
>
>
> As discovered by Vincent Ulitzsch:
> {quote}The assertion fails when parsing a malformed xml-file, we attached a crashing testcase. We would suggest fixing this assertion, since it opens up the possibility
> for Denial of Service attacks via malformed xml files.{quote}
> The code expects that tre transcoder places a pair of surrogate characters in the Unicode buffers, but the UTF16 transcoder simply copies the data without checking if it ends in the middle of a surrogate pair. So the fix is to replace the assertion with a request for more data, and if there is no data or if it's not the other part of the surrogate, exit the method as we would be doing if we found the invalid character inside the buffer
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: c-dev-unsubscribe@xerces.apache.org
For additional commands, e-mail: c-dev-help@xerces.apache.org