Closed ypcd closed 1 month ago
OK, so your test code passes an uninitialized mxml_options_t pointer. I'm not able to reproduce when it is initialized to NULL.
I will also advise you not to include the Mini-XML private header since that isn't something you normally will have access to since it is private to the library, subject to change at any time, and not public API...
Hello, thank you for your reply. The source code for the example I wrote is wrong. My example cannot prove that mxml has security vulnerabilities.
mxml-V4.0.2 stack-overflow in Function mxmlLoadString
I'm building mxml 4.0.2 using clang 17 and AddressSanitizer. Performing the following operations results in a "stack-overflow" error in the mxmlLoadString function in the "mxml-file.c" file.
error message:
Reproduction steps: mxml--V4.0.2--stack-overflow.zip