Control: reopen -1 Hi
I just schecked again, CVE-2016-4571 part at least is not yet fixed. Building mxml with ASan, leads to the following with the stack-exhaustion-2.xml reproducer: ==10554==ERROR: AddressSanitizer: stack-overflow on address 0x7ffe8f42ce88 (pc 0x7f67a5de43e4 bp 0x7ffe8f42d6f0 sp 0x7ffe8f42ce90 T0) #0 0x7f67a5de43e3 in strlen (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x6d3e3) #1 0x40c499 in mxml_write_node /root/mxml-2.9/mxml-file.c:2749 #2 0x40c931 in mxml_write_node /root/mxml-2.9/mxml-file.c:2811 #3 0x40c931 in mxml_write_node /root/mxml-2.9/mxml-file.c:2811 #4 0x40c931 in mxml_write_node /root/mxml-2.9/mxml-file.c:2811 [...] #246 0x40c931 in mxml_write_node /root/mxml-2.9/mxml-file.c:2811 #247 0x40c931 in mxml_write_node /root/mxml-2.9/mxml-file.c:2811 #248 0x40c931 in mxml_write_node /root/mxml-2.9/mxml-file.c:2811 #249 0x40c931 in mxml_write_node /root/mxml-2.9/mxml-file.c:2811 #250 0x40c931 in mxml_write_node /root/mxml-2.9/mxml-file.c:2811 #251 0x40c931 in mxml_write_node /root/mxml-2.9/mxml-file.c:2811 SUMMARY: AddressSanitizer: stack-overflow ??:0 strlen ==10554==ABORTING Regards, Salvatore