From 4d2e28542252533641c7b39a78cb19a34223ca8e Mon Sep 17 00:00:00 2001
From: rfm
Date: Thu, 18 Oct 2012 21:44:50 +0000
Subject: [PATCH] attempt fix for bug #37596

git-svn-id: svn+ssh://svn.gna.org/svn/gnustep/libs/base/trunk@35716 72102866-910b-0410-8b05-ffd578937521
---
 ChangeLog | 4 ++++
 Source/NSXMLParser.m | 46 +++++++++++++++++++++++++-------------------
 2 files changed, 30 insertions(+), 20 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index cd1fe688c..82b4666b7 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+2012-10-18 Richard Frith-Macdonald
+
+ * Source/NSXMLParser.m: Try to fix entity parsing bug #37596
+
 2012-10-17 Richard Frith-Macdonald
 * Source/NSBundle.m:
diff --git a/Source/NSXMLParser.m b/Source/NSXMLParser.m
index a3c94ec7a..bbac548d6 100644
--- a/Source/NSXMLParser.m
+++ b/Source/NSXMLParser.m
@@ -1383,26 +1383,32 @@ NSLog(@"_processTag <%@%@ %@>", flag?@"/": @"", tag, attributes);
 if (*ep == '#')
 {
- // &#ddd; or &#xhh;
- // !!! ep+1 is not 0-terminated - but by ;!!
- if (sscanf((char *)ep+1, "x%x;", &val))
- {
- // &#xhh; hex value
- if (result != 0)
- {
- *result = [[NSString alloc] initWithFormat: @"%C", val];
- }
- return YES;
- }
- else if (sscanf((char *)ep+1, "%d;", &val))
- {
- // &ddd; decimal value
- if (result != 0)
- {
- *result = [[NSString alloc] initWithFormat: @"%C", val];
- }
- return YES;
- }
+ if (len < 8)
+ {
+ char buf[8];
+
+ memcpy(buf, ep + 1, len - 1);
+ buf[len - 1] = '\0';
+ // &#ddd; or &#xhh;
+ if (sscanf(buf, "x%x;", &val))
+ {
+ // &#xhh; hex value
+ if (result != 0)
+ {
+ *result = [[NSString alloc] initWithFormat: @"%C", val];
+ }
+ return YES;
+ }
+ else if (sscanf(buf, "%d;", &val))
+ {
+ // &ddd; decimal value
+ if (result != 0)
+ {
+ *result = [[NSString alloc] initWithFormat: @"%C", val];
+ }
+ return YES;
+ }
+ }
 }
 else
 {
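Review bot: Both `sscanf` calls in the new `if (len < 8)` block are tested only for a non-zero result, so the `EOF` (-1) that `sscanf` returns when `buf` is empty or ends before the first conversion counts as a match, and `val` is then formatted with `%C` without having been assigned. Compare against the conversion count instead: `if (sscanf(buf, "x%x;", &val) == 1)` and `else if (sscanf(buf, "%d;", &val) == 1)`. The guard bounds the copy into `buf[8]` from above only; `len` is declared outside the hunk, so if it can be 0 at this point, `len - 1` goes wrong in both the `memcpy` size and the `buf[len - 1]` index, and `if (len > 0 && len < 8)` would close that. `val` also reaches `%C` unchecked, so a reference to U+0000 or to a code point above U+FFFF (which `%C`, taking a 16-bit unichar, presumably truncates) deserves a range check before the string is built. The enclosing function starts and ends outside the hunk, so what happens to references of eight or more characters that now skip this block should be confirmed there.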