Merge: dom: fix two possible out of bounds string accesses

Pull-Request: #2542
Reviewed-by: Lucas Bajolet <r4pass@hotmail.com>

diff --git a/.gitattributes b/.gitattributes
index e326f39..aec0cbc 100644 (file)
--- a/.gitattributes
+++ b/.gitattributes
@@ -1,9 +1,8 @@
-c_src                  -diff
-parser.nit             -diff
-parser_prod.nit                -diff
-lexer.nit              -diff
-tables_nit.c           -diff
-c_src/**               -diff
+/src/parser/parser.nit      -diff
+/src/parser/parser_prod.nit -diff
+/src/parser/lexer.nit       -diff
+/src/parser/tables_nit.c    -diff
+/c_src/**                   -diff
 
 tests/sav/**/*.res     -whitespace
 *.res                  -whitespace

diff --git a/lib/dom/parser.nit b/lib/dom/parser.nit
index fe95094..7ebe6b0 100644 (file)
--- a/lib/dom/parser.nit
+++ b/lib/dom/parser.nit
@@ -82,6 +82,7 @@ class XMLProcessor
                var c = src[pos]
                if not c == '<' then return new XMLError(st_loc, "Expected start of tag, got `{c}`")
                pos += 1
+               if pos >= src.length then return new XMLError(st_loc, "Malformed tag")
                c = src[pos]
                if c == '!' then
                        # Special tag
@@ -236,11 +237,11 @@ class XMLProcessor
        # Parses an xml tag name
        private fun parse_tag_name(delims: Array[Char]): String do
                var idst = pos
-               var c = src[pos]
                var srclen = src.length
-               while pos < srclen and not c.is_whitespace and not delims.has(c) do
+               while pos < srclen do
+                       var c = src[pos]
+                       if c.is_whitespace or delims.has(c) then break
                        pos += 1
-                       c = src[pos]
                end
                return src.substring(idst, pos - idst).trim
        end