From bb8f19e9e4fbcfa015f48377df34cb89e5b1173e Mon Sep 17 00:00:00 2001
From: David Robillard <d@drobilla.net>
Date: Tue, 15 Mar 2016 18:02:32 -0400
Subject: Fix potential out of bounds read

---
 NEWS         | 5 +++--
 src/writer.c | 3 ++-
 wscript      | 2 +-
 3 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/NEWS b/NEWS
index 1934872e..556abba9 100644
--- a/NEWS
+++ b/NEWS
@@ -1,9 +1,10 @@
-serd (0.22.1) unstable;
+serd (0.22.3) unstable;
 
+  * Fix potential out of bounds read
   * Fix documentation generation
   * Update serdi man page
 
- -- David Robillard <d@drobilla.net>  Thu, 08 Oct 2015 17:47:07 -0400
+ -- David Robillard <d@drobilla.net>  Tue, 15 Mar 2016 17:46:00 -0400
 
 serd (0.22.0) stable;
 
diff --git a/src/writer.c b/src/writer.c
index 59080592..a037bf81 100644
--- a/src/writer.c
+++ b/src/writer.c
@@ -522,7 +522,8 @@ write_node(SerdWriter*        writer,
 				    !strcmp(type_uri + sizeof(NS_XSD) - 1, "integer"))) {
 				sink(node->buf, node->n_bytes, writer);
 				break;
-			} else if (!strcmp(type_uri + sizeof(NS_XSD) - 1, "decimal") &&
+			} else if (!strncmp(type_uri, NS_XSD, sizeof(NS_XSD) - 1) &&
+			           !strcmp(type_uri + sizeof(NS_XSD) - 1, "decimal") &&
 			           strchr((const char*)node->buf, '.') &&
 			           node->buf[node->n_bytes - 1] != '.') {
 				/* xsd:decimal literals without trailing digits, e.g. "5.", can
diff --git a/wscript b/wscript
index e188c0d0..813c7207 100644
--- a/wscript
+++ b/wscript
@@ -11,7 +11,7 @@ import waflib.extras.autowaf as autowaf
 # major increment <=> incompatible changes
 # minor increment <=> compatible changes (additions)
 # micro increment <=> no interface changes
-SERD_VERSION       = '0.22.1'
+SERD_VERSION       = '0.22.3'
 SERD_MAJOR_VERSION = '0'
 
 # Mandatory waf variables
-- 
cgit v1.2.1