XML parser: numeric entity: check unicode codepoint range - sfeed

commit cbdc01910b1af558d4c2865063ad04f5645b6ff7
parent b7e288a96418e1ea5e7904ab2896edb3f4615a10
Author: Hiltjo Posthuma <hiltjo@codemadness.org>
Date:   Thu, 16 Aug 2018 14:19:09 +0200

XML parser: numeric entity: check unicode codepoint range

Diffstat:
M xml.c  | 4 ++--

1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/xml.c b/xml.c
@@ -289,8 +289,8 @@ xml_numericentitytostr(const char *e, char *buf, size_t bufsiz)
 		l = strtoul(e + 1, &end, 16);
 	else
 		l = strtoul(e, &end, 10);
-	/* invalid value or not a well-formed entity */
-	if (errno || *end != ';')
+	/* invalid value or not a well-formed entity or too high codepoint */
+	if (errno || *end != ';' || l > 0x10FFFF)
 		return 0;
 	len = xml_codepointtoutf8(l, &cp);
 	/* make string */

	sfeed simple feed reader - forked from git.codemadness.org/sfeed
	git clone git://src.gearsix.net/sfeed
	Log \| Files \| Refs \| Atom \| README \| LICENSE