[
https://issues.apache.org/jira/browse/XERCESC-2180?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Scott Cantor reassigned XERCESC-2180:
-------------------------------------
Assignee: (was: Alberto Massari)
> Handle surrogate pairs when reading a QName instead of ASSERTing
> ----------------------------------------------------------------
>
> Key: XERCESC-2180
> URL: https://issues.apache.org/jira/browse/XERCESC-2180
> Project: Xerces-C++
> Issue Type: Bug
> Components: Utilities
> Reporter: Alberto Massari
> Priority: Major
> Attachments: crash.xml
>
>
> As discovered by Vincent Ulitzsch:
> {quote}The assertion fails when parsing a malformed xml-file, we attached a
> crashing testcase. We would suggest fixing this assertion, since it opens up
> the possibility for Denial of Service attacks via malformed xml files.{quote}
> The code expects that the transcoder places a pair of surrogate characters in
> the Unicode buffers, but the UTF16 transcoder simply copies the data without
> checking if it ends in the middle of a surrogate pair. So the fix is to
> replace the assertion with a request for more data, and if there is no data
> or if it's not the other part of the surrogate, exit the method as we would
> be doing if we found the invalid character inside the buffer.
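The fix described in the issue, sketched as an added example (this is not Xerces-C++ code and not part of the original message): when a high surrogate is the last code unit in the buffer, the scanner requests more data rather than asserting, and treats missing or mismatched data as an invalid character. `ChunkedSource`, `scanUnits` and the sample input are hypothetical names constructed for illustration.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdio>
#include <vector>

// Hypothetical chunked UTF-16 source (constructed for this example). Like the raw
// copy described above, it can end a chunk in the middle of a surrogate pair.
struct ChunkedSource {
    std::vector<char16_t> data;
    std::size_t chunk, pos;
    ChunkedSource(const std::vector<char16_t>& d, std::size_t c) : data(d), chunk(c), pos(0) {}
    // Appends the next chunk to buf and returns how many code units were added.
    std::size_t refill(std::vector<char16_t>& buf) {
        std::size_t n = std::min(chunk, data.size() - pos);
        buf.insert(buf.end(), data.begin() + pos, data.begin() + pos + n);
        pos += n;
        return n;
    }
};
static bool isHigh(char16_t c) { return c >= 0xD800 && c <= 0xDBFF; }
static bool isLow(char16_t c) { return c >= 0xDC00 && c <= 0xDFFF; }

// Returns how many code units were accepted before the end of input or the first
// ill-formed unit; wellFormed tells the two cases apart.
std::size_t scanUnits(ChunkedSource& src, bool& wellFormed) {
    std::vector<char16_t> buf;
    std::size_t i = 0;
    wellFormed = true;
    for (;;) {
        if (i == buf.size() && src.refill(buf) == 0)
            return i;                       // clean end of input
        char16_t c = buf[i];
        if (isLow(c)) break;                // low surrogate with no high half before it
        if (!isHigh(c)) { ++i; continue; }  // ordinary BMP code unit
        // High surrogate at the end of the buffer: request more data, do not assert.
        if (i + 1 == buf.size() && src.refill(buf) == 0) break;  // no more data
        if (!isLow(buf[i + 1])) break;      // next unit is not the other half
        i += 2;
    }
    wellFormed = false;                     // same exit as for any invalid character
    return i;
}

int main() {
    std::vector<char16_t> truncated = {u'a', 0xD800};  // constructed: ends on a high surrogate
    bool ok = true;
    ChunkedSource src(truncated, 2);
    std::size_t n = scanUnits(src, ok);
    std::printf("accepted=%zu wellFormed=%d\n", n, ok ? 1 : 0);
}
```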