memory invalid read & writte

meduketto / iksemel

Automatically exported from code.google.com/p/iksemel

GNU Lesser General Public License v2.1

31 stars 24 forks source link

memory invalid read & writte #16

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago

What steps will reproduce the problem?
1. In sax_core (iksparser *prs, char *buf, int len)
2. When attribute multiples of 12

code in sax.c:388: 
prs->atts[prs->attcur] = NULL;
this will lead a invalid write.

replace the line in sax.c:358
if (prs->attcur >= (prs->attmax * 2)) 
with this:
if (prs->attcur >= ((prs->attmax - 1)* 2))

Original issue reported on code.google.com by yunhappy...@gmail.com on 21 Apr 2009 at 7:27

GoogleCodeExporter commented 9 years ago

Many thanks for reporting. Fixed in trunk.

Original comment by meduke...@gmail.com on 18 Jul 2009 at 9:13

Changed state: Fixed