diff options
author | Daniel Silverstone <dsilvers@digital-scurf.org> | 2016-08-27 21:05:30 +0100 |
---|---|---|
committer | Daniel Silverstone <dsilvers@digital-scurf.org> | 2016-08-27 21:05:30 +0100 |
commit | a1cb751bb8579a9071b255aa3c89abce0394b206 (patch) | |
tree | aa000f41a1a6cf005026941bffa95ce57861ae69 /bindings | |
parent | 2863a608fdf5ce606388e1f36f0e395a17932fed (diff) | |
download | libdom-a1cb751bb8579a9071b255aa3c89abce0394b206.tar.gz libdom-a1cb751bb8579a9071b255aa3c89abce0394b206.tar.bz2 |
Slightly better fix for afl issues
Diffstat (limited to 'bindings')
-rw-r--r-- | bindings/xml/expat_xmlparser.c | 35 |
1 files changed, 15 insertions, 20 deletions
diff --git a/bindings/xml/expat_xmlparser.c b/bindings/xml/expat_xmlparser.c index 278073c..e5bc2e6 100644 --- a/bindings/xml/expat_xmlparser.c +++ b/bindings/xml/expat_xmlparser.c @@ -45,10 +45,7 @@ expat_xmlparser_start_element_handler(void *_parser, dom_string *namespace = NULL; const XML_Char *ns_sep = strchr(name, '\n'); - if (parser->current == NULL) { - /* not currently building a node so cannot add elemnt to it */ - return; - } + assert(parser->current); if (ns_sep != NULL) { err = dom_string_create_interned((const uint8_t *)name, @@ -179,15 +176,19 @@ expat_xmlparser_end_element_handler(void *_parser, UNUSED(name); - if (parser->current == NULL) { - /* not currently building a node so cannot end elemnt - * addition to it. - */ - return; - } + assert(parser->current); err = dom_node_get_parent_node(parser->current, &parent); + if (parent == NULL || parent == (dom_node *)parser->doc) { + /* The XML has tried to close more than it should */ + if (parent != NULL) + dom_node_unref(parent); + parser->msg(DOM_MSG_CRITICAL, parser->mctx, + "Attempted to close more than was opened."); + return; + } + if (err != DOM_NO_ERR) { parser->msg(DOM_MSG_CRITICAL, parser->mctx, "Unable to find a parent while closing element."); @@ -225,10 +226,7 @@ expat_xmlparser_cdata_handler(void *_parser, struct dom_node *cdata, *ins_cdata, *lastchild = NULL; dom_node_type ntype = 0; - if (parser->current == NULL) { - /* not currently building a node so cannot add cdata to it */ - return; - } + assert(parser->current); err = dom_string_create((const uint8_t *)s, len, &data); if (err != DOM_NO_ERR) { @@ -359,10 +357,7 @@ expat_xmlparser_comment_handler(void *_parser, dom_string *data; dom_exception err; - if (parser->current == NULL) { - /* not currently building a node so cannot have comment */ - return; - } + assert(parser->current); /* Create DOM string data for comment */ err = dom_string_create((const uint8_t *)_comment, @@ -558,8 +553,8 @@ void dom_xml_parser_destroy(dom_xml_parser *parser) { XML_ParserFree(parser->parser); - if (parser->current != NULL) - dom_node_unref(parser->current); + assert(parser->current); + dom_node_unref(parser->current); dom_node_unref(parser->doc); free(parser); } |