search

Leonidas-from-XIV / node-xml2js

XML to JavaScript object converter.
MIT License
4.88k stars 602 forks source link

Bug: TypeError #544

Closed yevgenypats closed 2 years ago

yevgenypats commented 4 years ago

Hey there,

The following code produce TypeError: obj[charkey].match is not a function

xml2js = require('xml2js');
var parser = new xml2js.Parser();
parser.parseString(Buffer.from('3c4f3eff00002f3e3c5f2f3e3c2f4f3eff3e4f3ead3ce42f3e3ce4c9ff002fe4ad5f0109900aad3c4f3ead', 'hex')).toString()

TypeError: obj[charkey].match is not a function
    at SAXParser.onclosetag (/node_modules/xml2js/lib/parser.js:187:28)
    at emit (/node_modules/sax/lib/sax.js:624:35)
    at emitNode (/node_modules/sax/lib/sax.js:629:5)
    at closeTag (/node_modules/sax/lib/sax.js:889:7)
    at SAXParser.write (/node_modules/sax/lib/sax.js:1436:13)
    at Parser.exports.Parser.Parser.parseString (/node_modules/xml2js/lib/parser.js:325:31)
    at Parser.parseString (/node_modules/xml2js/lib/parser.js:5:59)

It was found by jsfuzz

Cheers, Yevgeny

Omega-Ariston commented 4 years ago

You may wanna double check the structure of your input XML. I tried several encoding format but none of them parsed to a correct XML. 8

noBlubb commented 4 years ago

Input generated by the fuzzer (jsfuzz) is likely to not be valid xml. The library should be able to detect this properly instead of throwing a generic TypeError when accessing an invalid property / function.