Defensive check for UTF conversion
@@ -545,6 +545,11 @@ const char* XMLUtil::GetCharacterRef(const char* p, char* value, int* length)
}
// convert the UCS to UTF-8
ConvertUTF32ToUTF8(ucs, value, length);
+ if (length == 0) {
+ // If length is 0, there was an error. (Security? Bad input?)
+ // Fail safely.
+ return 0;
+ }
return p + delta + 1;
return p + 1;
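Review bot: The added guard `if (length == 0)` tests the pointer rather than the value it points to, because the signature in the hunk header declares `int* length`; the branch is therefore taken only when the caller passes a null pointer. If ConvertUTF32ToUTF8 signals a failed conversion by storing zero through that pointer, as the added comment suggests, the check needs a dereference: `if (*length == 0) {`. As written, a rejected code point would still fall through to `return p + delta + 1;` and the caller would receive a success pointer with nothing written to `value`. The body of GetCharacterRef begins outside this hunk, so how `length` is validated earlier is not visible here.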