summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorzuul <zuul@gerrit.asterisk.org>2017-03-22 07:06:16 -0500
committerGerrit Code Review <gerrit2@gerrit.digium.api>2017-03-22 07:06:16 -0500
commit14a9a6fc099c833d355df2ef771e8554ac4b33e1 (patch)
treec6baa5f666916297199801960dbcd6e809732e43
parentd7ba743329829c5fddb0040708d80461e34e0677 (diff)
parent91c97b5da5fd7008b8a5f90565ba26d72c014d9f (diff)
Merge "pjsip: prevent memory corruption on creation of xml bodies" into 13
Diffstat
-rw-r--r--third-party/pjproject/patches/0025-fix-print-xml-crash.patch24
1 files changed, 24 insertions, 0 deletions
diff --git a/third-party/pjproject/patches/0025-fix-print-xml-crash.patch b/third-party/pjproject/patches/0025-fix-print-xml-crash.patch
new file mode 100644
index 000000000..eafc38906
--- /dev/null
+++ b/third-party/pjproject/patches/0025-fix-print-xml-crash.patch
@@ -0,0 +1,24 @@
+From 1bc5ca699f523bd8e910203a3eb4dee58f366976 Mon Sep 17 00:00:00 2001
+From: Joshua Elson <joshelson@gmail.com>
+Date: Mon, 20 Mar 2017 19:28:47 -0600
+Subject: [PATCH] Prevent memory corruption on xml tag write
+
+---
+ pjlib-util/src/pjlib-util/xml.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/pjlib-util/src/pjlib-util/xml.c b/pjlib-util/src/pjlib-util/xml.c
+index 296b232..b0aad26 100644
+--- a/pjlib-util/src/pjlib-util/xml.c
++++ b/pjlib-util/src/pjlib-util/xml.c
+@@ -248,6 +248,7 @@ static int xml_print_node( const pj_xml_node *node, int indent,
+ if (node->content.slen==0 &&
+ node->node_head.next==(pj_xml_node*)&node->node_head)
+ {
++ if (SIZE_LEFT() < 3) return -1;
+ *p++ = ' ';
+ *p++ = '/';
+ *p++ = '>';
+--
+2.10.1 (Apple Git-78)
+
generated by cgit v1.2.3 (git 2.39.1) at 2024-05-18 07:50:06 +0000