summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDaniel Silverstone <dsilvers@digital-scurf.org>2016-08-27 20:05:30 (GMT)
committer Daniel Silverstone <dsilvers@digital-scurf.org>2016-08-27 20:05:30 (GMT)
commita1cb751bb8579a9071b255aa3c89abce0394b206 (patch)
treeaa000f41a1a6cf005026941bffa95ce57861ae69
parent2863a608fdf5ce606388e1f36f0e395a17932fed (diff)
downloadlibdom-a1cb751bb8579a9071b255aa3c89abce0394b206.tar.gz
libdom-a1cb751bb8579a9071b255aa3c89abce0394b206.tar.bz2
Slightly better fix for afl issues
-rw-r--r--bindings/xml/expat_xmlparser.c35
1 files changed, 15 insertions, 20 deletions
diff --git a/bindings/xml/expat_xmlparser.c b/bindings/xml/expat_xmlparser.c
index 278073c..e5bc2e6 100644
--- a/bindings/xml/expat_xmlparser.c
+++ b/bindings/xml/expat_xmlparser.c
@@ -45,10 +45,7 @@ expat_xmlparser_start_element_handler(void *_parser,
dom_string *namespace = NULL;
const XML_Char *ns_sep = strchr(name, '\n');
- if (parser->current == NULL) {
- /* not currently building a node so cannot add elemnt to it */
- return;
- }
+ assert(parser->current);
if (ns_sep != NULL) {
err = dom_string_create_interned((const uint8_t *)name,
@@ -179,15 +176,19 @@ expat_xmlparser_end_element_handler(void *_parser,
UNUSED(name);
- if (parser->current == NULL) {
- /* not currently building a node so cannot end elemnt
- * addition to it.
- */
- return;
- }
+ assert(parser->current);
err = dom_node_get_parent_node(parser->current, &parent);
+ if (parent == NULL || parent == (dom_node *)parser->doc) {
+ /* The XML has tried to close more than it should */
+ if (parent != NULL)
+ dom_node_unref(parent);
+ parser->msg(DOM_MSG_CRITICAL, parser->mctx,
+ "Attempted to close more than was opened.");
+ return;
+ }
+
if (err != DOM_NO_ERR) {
parser->msg(DOM_MSG_CRITICAL, parser->mctx,
"Unable to find a parent while closing element.");
@@ -225,10 +226,7 @@ expat_xmlparser_cdata_handler(void *_parser,
struct dom_node *cdata, *ins_cdata, *lastchild = NULL;
dom_node_type ntype = 0;
- if (parser->current == NULL) {
- /* not currently building a node so cannot add cdata to it */
- return;
- }
+ assert(parser->current);
err = dom_string_create((const uint8_t *)s, len, &data);
if (err != DOM_NO_ERR) {
@@ -359,10 +357,7 @@ expat_xmlparser_comment_handler(void *_parser,
dom_string *data;
dom_exception err;
- if (parser->current == NULL) {
- /* not currently building a node so cannot have comment */
- return;
- }
+ assert(parser->current);
/* Create DOM string data for comment */
err = dom_string_create((const uint8_t *)_comment,
@@ -558,8 +553,8 @@ void
dom_xml_parser_destroy(dom_xml_parser *parser)
{
XML_ParserFree(parser->parser);
- if (parser->current != NULL)
- dom_node_unref(parser->current);
+ assert(parser->current);
+ dom_node_unref(parser->current);
dom_node_unref(parser->doc);
free(parser);
}