author | Idan Horowitz <idan.horowitz@gmail.com> | 2022-07-10 19:48:02 +0300 |
---|---|---|
committer | Idan Horowitz <idan.horowitz@gmail.com> | 2022-07-10 22:29:11 +0300 |
commit | 18d25124bfeda7a64f5c32812401c4b126766b15 (patch) | |
tree | bea3e744b1811d5a5fe30866855eb31c13d697fc /Userland | |
parent | 1d96c30488a80602c1e773fe97c48f8711dd0361 (diff) | |
LibXML: Fail gracefully on integer overflow in character references
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47738
Diffstat (limited to 'Userland')
-rw-r--r-- | Userland/Libraries/LibXML/Parser/Parser.cpp | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/Userland/Libraries/LibXML/Parser/Parser.cpp b/Userland/Libraries/LibXML/Parser/Parser.cpp
index d32ca51c75..1fd23effc1 100644
--- a/Userland/Libraries/LibXML/Parser/Parser.cpp
+++ b/Userland/Libraries/LibXML/Parser/Parser.cpp
@@ -758,26 +758,26 @@ ErrorOr<Variant<Parser::EntityReference, String>, ParseError> Parser::parse_refe
 auto name_result = parse_name();
 if (name_result.is_error()) {
 TRY(expect("#"));
- u32 code_point;
+ Optional<u32> code_point;
 if (m_lexer.consume_specific('x')) {
 auto hex = TRY(expect_many( ranges_for_search<Range('0', '9'), Range('a', 'f'), Range('A', 'F')>(), "any of [0-9a-fA-F]"));
- code_point = *AK::StringUtils::convert_to_uint_from_hex<u32>(hex);
+ code_point = AK::StringUtils::convert_to_uint_from_hex<u32>(hex);
 } else {
 auto decimal = TRY(expect_many( ranges_for_search<Range('0', '9')>(), "any of [0-9]"));
- code_point = *decimal.to_uint<u32>();
+ code_point = decimal.to_uint<u32>();
 }
- if (!s_characters.contains(code_point))
+ if (!code_point.has_value() || !s_characters.contains(*code_point))
 return parse_error(reference_start, "Invalid character reference");
 TRY(expect(";"));
 StringBuilder builder;
- builder.append_code_point(code_point);
+ builder.append_code_point(*code_point);
 rollback.disarm();
 return builder.to_string(); |
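Review bot: The combined check `!code_point.has_value() || !s_characters.contains(*code_point)` is now the only thing between an overflowing character reference and a dereference of an empty Optional, yet nothing near it says that an empty value means the digit run did not fit in u32. A one-line comment above the check would keep a later refactor from restoring the unchecked `*`, for example `// The conversion yields an empty Optional when the digits overflow u32; reject rather than dereference.` The later `*code_point` in `builder.append_code_point(*code_point)` is safe only because it follows this early return, which the same comment can state. No regression test for the fuzzer input is visible here, though the diffstat is limited to Userland, so one may exist elsewhere. parse_reference begins and ends outside the hunk.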