[ https://issues.apache.org/jira/browse/XERCESC-2180?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16991794#comment-16991794 ]
Scott Cantor commented on XERCESC-2180:
---------------------------------------
I don't have the capacity personally to ever touch any of the transcoding or
Unicode logic without a patch, it would be too risky. If you had a patch to
suggest that would go a long way, but even then we would have to be pretty
careful about things.
> Handle surrogate pairs when reading a QName instead of ASSERTing
> ----------------------------------------------------------------
>
> Key: XERCESC-2180
> URL: https://issues.apache.org/jira/browse/XERCESC-2180
> Project: Xerces-C++
> Issue Type: Bug
> Components: Utilities
> Reporter: Alberto Massari
> Assignee: Alberto Massari
> Priority: Major
> Attachments: crash.xml
>
>
> As discovered by Vincent Ulitzsch:
> {quote}The assertion fails when parsing a malformed xml-file, we attached a
> crashing testcase. We would suggest fixing this assertion, since it opens up
> the possibility
> for Denial of Service attacks via malformed xml files.{quote}
> The code expects that the transcoder places a pair of surrogate characters in
> the Unicode buffers, but the UTF16 transcoder simply copies the data without
> checking if it ends in the middle of a surrogate pair. So the fix is to
> replace the assertion with a request for more data, and if there is no data
> or if it's not the other part of the surrogate, exit the method as we would
> be doing if we found the invalid character inside the buffer
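The fix described in the issue, sketched as an added example; this is not Xerces-C++ code and not part of the original message. `ChunkedSource`, `nextCodePoint` and `countSplit` are hypothetical names, and the two-chunk split stands in for a transcoder buffer that ends in the middle of a surrogate pair.

```cpp
#include <cstddef>
#include <cstdio>
#include <string>
#include <vector>

// Hypothetical chunked UTF-16 source: each chunk models one transcoder
// buffer refill, which may end between the two halves of a surrogate pair.
struct ChunkedSource {
    std::vector<std::u16string> chunks;
    std::size_t chunk = 0, pos = 0;
    // Refill until a code unit is available; false means end of input.
    bool ensure() {
        while (chunk < chunks.size() && pos >= chunks[chunk].size()) { ++chunk; pos = 0; }
        return chunk < chunks.size();
    }
    char16_t take() { return chunks[chunk][pos++]; }
};

enum class Read { Ok, End, Invalid };
inline bool isHigh(char16_t c) { return c >= 0xD800 && c <= 0xDBFF; }
inline bool isLow(char16_t c)  { return c >= 0xDC00 && c <= 0xDFFF; }

// Decode one code point. A high surrogate at the end of a buffer triggers a
// refill instead of an assertion; a missing or wrong second half is invalid input.
Read nextCodePoint(ChunkedSource& src, char32_t& out) {
    if (!src.ensure()) return Read::End;
    const char16_t first = src.take();
    if (isLow(first)) return Read::Invalid;       // lone low surrogate
    if (!isHigh(first)) { out = first; return Read::Ok; }
    if (!src.ensure()) return Read::Invalid;      // input ended mid-pair
    const char16_t second = src.take();
    if (!isLow(second)) return Read::Invalid;     // not the other half
    out = 0x10000 + ((char32_t(first) - 0xD800) << 10) + (char32_t(second) - 0xDC00);
    return Read::Ok;
}

// Count code points in `text` fed as two buffers split at `cut`; -1 if malformed.
long countSplit(const std::u16string& text, std::size_t cut) {
    ChunkedSource src;
    src.chunks = { text.substr(0, cut), text.substr(cut) };
    char32_t cp = 0;
    for (long n = 0;; ++n) {
        const Read r = nextCodePoint(src, cp);
        if (r != Read::Ok) return r == Read::End ? n : -1;
    }
}

int main() {  // constructed sample: 'a', one surrogate pair, 'z'; cut inside the pair
    std::printf("%ld\n", countSplit(u"a\xD83D\xDE00z", 2));
}
```

Malformed input produces a rejection the caller can turn into a parse error, so a truncated or unpaired surrogate no longer terminates the process.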