author | Tor Andersson <tor.andersson@artifex.com> | 2016-12-28 13:20:16 +0100 |
---|---|---|
committer | Tor Andersson <tor.andersson@artifex.com> | 2017-01-09 13:21:40 +0100 |
commit | 7a439812b2226c1e3b203ec603f05b39d159f91e (patch) | |
tree | 527c9875c6befd905ffba752079c51c0799a8d7a /source | |
parent | bbcc85a9f746c161b2e23c6057e69ec7b967252b (diff) | |
download | mupdf-7a439812b2226c1e3b203ec603f05b39d159f91e.tar.xz |
Fix potential buffer overrun when decoding UTF-16 in XML parser.
Diffstat (limited to 'source')
-rw-r--r-- | source/fitz/xml.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/source/fitz/xml.c b/source/fitz/xml.c index 47b9461b..d063ee33 100644 --- a/source/fitz/xml.c +++ b/source/fitz/xml.c @@ -593,7 +593,7 @@ static char *convert_to_utf8(fz_context *doc, unsigned char *s, size_t n, int *d if (s[0] == 0xFE && s[1] == 0xFF) { s += 2; - dst = d = fz_malloc(doc, n * 2); + dst = d = fz_malloc(doc, n * FZ_UTFMAX); while (s + 1 < e) { c = s[0] << 8 | s[1]; d += fz_runetochar(d, c); @@ -606,7 +606,7 @@ static char *convert_to_utf8(fz_context *doc, unsigned char *s, size_t n, int *d if (s[0] == 0xFF && s[1] == 0xFE) { s += 2; - dst = d = fz_malloc(doc, n * 2); + dst = d = fz_malloc(doc, n * FZ_UTFMAX); while (s + 1 < e) { c = s[0] | s[1] << 8; d += fz_runetochar(d, c); |
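Review bot: The new size expression `n * FZ_UTFMAX` in the big-endian branch is an unchecked size_t multiplication, so for a very large `n` (most plausibly on a 32-bit build) it could wrap and leave the buffer smaller than what the loop writes; the identical line in the little-endian hunk at -606 has the same issue. The `while (s + 1 < e)` loop is bounded only by the input, so the output bound rests entirely on this arithmetic. Consider `dst = d = fz_malloc_array(doc, n, FZ_UTFMAX);` if the overflow-checked array allocator is available in this tree, plus a short comment such as `/* worst case: FZ_UTFMAX bytes per 16-bit unit, plus any terminator */` to record the sizing invariant. convert_to_utf8 starts and ends outside both hunks, so whatever is written after the loop cannot be checked against the new size from here.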