mirror of
https://github.com/TerryCavanagh/VVVVVV.git
synced 2025-01-11 11:29:45 +01:00
Fix out-of-bounds indexing with malformed XML entities in find_tag()
find_tag() would commit out-of-bounds indexing if someone made a level file with malformed XML entity encodings in the metadata tags. This would happen if the end of the string followed immediately after an ampersand and hash, or if there wasn't a semicolon ending an XML entity. Valgrind complains about these, so I've fixed it.
parent
5de7c180ea
commit
a2ba37a1a4
1 changed files with 11 additions and 0 deletions
|
@ -146,8 +146,19 @@ std::string find_tag(const std::string& buf, const std::string& start, const std
|
||||||
size_t start_pos = 0;
|
size_t start_pos = 0;
|
||||||
while ((start_pos = value.find("&#", start_pos)) != std::string::npos)
|
while ((start_pos = value.find("&#", start_pos)) != std::string::npos)
|
||||||
{
|
{
|
||||||
|
if (start_pos + 2 >= value.length())
|
||||||
|
{
|
||||||
|
return "";
|
||||||
|
}
|
||||||
|
|
||||||
bool hex = value[start_pos + 2] == 'x';
|
bool hex = value[start_pos + 2] == 'x';
|
||||||
size_t end = value.find(';', start_pos);
|
size_t end = value.find(';', start_pos);
|
||||||
|
|
||||||
|
if (end == std::string::npos)
|
||||||
|
{
|
||||||
|
return "";
|
||||||
|
}
|
||||||
|
|
||||||
size_t real_start = start_pos + 2 + ((int) hex);
|
size_t real_start = start_pos + 2 + ((int) hex);
|
||||||
std::string number(value.substr(real_start, end - real_start));
|
std::string number(value.substr(real_start, end - real_start));
|
||||||
|
|
||||||
|
|
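Review bot: Both new early exits (`return "";` after the `start_pos + 2 >= value.length()` check and after the `end == std::string::npos` check) discard the whole tag value, so a caller cannot tell a malformed entity from an empty or missing tag. Level files are untrusted input, so failing closed is reasonable, but the contract should be stated at the first guard, e.g. `// Malformed entity ("&#" at end of string, or no terminating ';'): give up and return an empty tag`. If keeping the undecoded text is preferable for metadata such as titles, `break;` in place of `return "";` would stop decoding without indexing past the end; whether that is safe depends on the rest of the loop and of find_tag(), which lie outside this hunk. A regression test feeding the two inputs named in the commit message (a string ending right after `&#`, and an entity with no `;`) would keep the fix from regressing.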