memory content leak when using xmlTextWriterWriteAttribute with malformed utf-8
Bug #655442 reported by
Kees Cook
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
libxml2 |
Invalid
|
Medium
|
|||
php |
Unknown
|
Unknown
|
|||
libxml2 (Ubuntu) |
Invalid
|
Low
|
Unassigned |
Bug Description
Binary package hint: php5
It seems that PHP is not correctly using libxml2's xmlwriter routines, and allows passing in invalid utf-8 strings which are then misparsed by libxml2, allowing memory contents to leak into the resulting output.
Actual output:
PHP Warning: XMLWriter:
<input value="
Expected output:
<input value="
affects: | php5 (Ubuntu) → libxml2 (Ubuntu) |
Changed in libxml2: | |
importance: | Unknown → Medium |
status: | Unknown → New |
Changed in libxml2: | |
status: | New → Invalid |
To post a comment you must log in.
Appears broken all the way back through Hardy. Dapper behaves correctly.