From cbdc01910b1af558d4c2865063ad04f5645b6ff7 Mon Sep 17 00:00:00 2001
From: Hiltjo Posthuma <hiltjo@codemadness.org>
Date: Thu, 16 Aug 2018 14:19:09 +0200
Subject: XML parser: numeric entity: check unicode codepoint range

---
 xml.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/xml.c b/xml.c
index da66554..07dcc7b 100644
--- a/xml.c
+++ b/xml.c
@@ -289,8 +289,8 @@ xml_numericentitytostr(const char *e, char *buf, size_t bufsiz)
 		l = strtoul(e + 1, &end, 16);
 	else
 		l = strtoul(e, &end, 10);
-	/* invalid value or not a well-formed entity */
-	if (errno || *end != ';')
+	/* invalid value or not a well-formed entity or too high codepoint */
+	if (errno || *end != ';' || l > 0x10FFFF)
 		return 0;
 	len = xml_codepointtoutf8(l, &cp);
 	/* make string */
-- 
cgit v1.2.3