[jira] [Resolved] (XERCESC-2217) ICUTranscoder::transcodeFrom buffer overflow

Scott Cantor (Jira) Wed, 05 Oct 2022 10:52:09 -0700


     [ 
https://issues.apache.org/jira/browse/XERCESC-2217?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Scott Cantor resolved XERCESC-2217.
-----------------------------------
    Resolution: Fixed

Verified this was applied to both branches.

> ICUTranscoder::transcodeFrom buffer overflow
> --------------------------------------------
>
>                 Key: XERCESC-2217
>                 URL: https://issues.apache.org/jira/browse/XERCESC-2217
>             Project: Xerces-C++
>          Issue Type: Bug
>    Affects Versions: 3.2.3
>            Reporter: Roger Leigh
>            Assignee: Roger Leigh
>            Priority: Major
>             Fix For: 4.0.0, 3.2.4
>
>
> See https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35373
> When charsDecoded == 0, the line for (index = 0; index < charsDecoded - 1; 
> index++) will cause to read out of bounds of fSrcOffsets, due to unsigned 
> integer underflow rules.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[jira] [Resolved] (XERCESC-2217) ICUTranscoder::transcodeFrom buffer overflow

Reply via email to