authorHiltjo Posthuma <hiltjo@codemadness.org>2018-08-16 14:19:09 +0200
committerHiltjo Posthuma <hiltjo@codemadness.org>2018-08-16 14:19:09 +0200
commitcbdc01910b1af558d4c2865063ad04f5645b6ff7 (patch)
tree0a32ba42ab0544a4e2e5854e7503f9a0e13c9694
parentb7e288a96418e1ea5e7904ab2896edb3f4615a10 (diff)
XML parser: numeric entity: check unicode codepoint range
-rw-r--r--xml.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/xml.c b/xml.c
index da66554..07dcc7b 100644
--- a/xml.c
+++ b/xml.c
@@ -289,8 +289,8 @@ xml_numericentitytostr(const char *e, char *buf, size_t bufsiz)
l = strtoul(e + 1, &end, 16);
else
l = strtoul(e, &end, 10);
- /* invalid value or not a well-formed entity */
- if (errno || *end != ';')
+ /* invalid value or not a well-formed entity or too high codepoint */
+ if (errno || *end != ';' || l > 0x10FFFF)
return 0;
len = xml_codepointtoutf8(l, &cp);
/* make string */
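Review bot: The new upper bound in `if (errno || *end != ';' || l > 0x10FFFF)` still accepts the surrogate range 0xD800–0xDFFF and the value 0, neither of which is a legal XML character; 0 is also what strtoul() returns when it consumed no digits, so an entity such as `&#;` passes the test. Handing these values to xml_codepointtoutf8() would presumably put ill-formed UTF-8 or an embedded NUL into the output buffer, which later consumers may truncate or decode differently from this parser. Consider `if (errno || *end != ';' || l == 0 || l > 0x10FFFF || (l >= 0xD800 && l <= 0xDFFF))`, with the comment extended to mention surrogates and NUL. Whether errno is reset to 0 before the strtoul() calls cannot be seen here, since the body of xml_numericentitytostr begins above the hunk and continues below it.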