dom: fix two possible out of bounds string accesses

Signed-off-by: Alexis Laferrière <alexis.laf@xymus.net>

diff --git a/lib/dom/parser.nit b/lib/dom/parser.nit
index fe95094..7ebe6b0 100644 (file)
--- a/lib/dom/parser.nit
+++ b/lib/dom/parser.nit
@@ -82,6 +82,7 @@ class XMLProcessor
                var c = src[pos]
                if not c == '<' then return new XMLError(st_loc, "Expected start of tag, got `{c}`")
                pos += 1
+               if pos >= src.length then return new XMLError(st_loc, "Malformed tag")
                c = src[pos]
                if c == '!' then
                        # Special tag
@@ -236,11 +237,11 @@ class XMLProcessor
        # Parses an xml tag name
        private fun parse_tag_name(delims: Array[Char]): String do
                var idst = pos
-               var c = src[pos]
                var srclen = src.length
-               while pos < srclen and not c.is_whitespace and not delims.has(c) do
+               while pos < srclen do
+                       var c = src[pos]
+                       if c.is_whitespace or delims.has(c) then break
                        pos += 1
-                       c = src[pos]
                end
                return src.substring(idst, pos - idst).trim
        end