authorDavid Robillard <d@drobilla.net>2016-03-15 18:02:32 -0400
committerDavid Robillard <d@drobilla.net>2016-03-15 18:02:32 -0400
commitbb8f19e9e4fbcfa015f48377df34cb89e5b1173e (patch)
tree29fe8e76af6dec007b3efbfd8c377fc54f141aab
parent530a14b795329e1bd3ecf98a0b0d924bcfdc6736 (diff)
Fix potential out of bounds read
-rw-r--r--NEWS5
-rw-r--r--src/writer.c3
-rw-r--r--wscript2
3 files changed, 6 insertions, 4 deletions
diff --git a/NEWS b/NEWS
index 1934872e..556abba9 100644
--- a/NEWS
+++ b/NEWS
@@ -1,9 +1,10 @@
-serd (0.22.1) unstable;
+serd (0.22.3) unstable;
+ * Fix potential out of bounds read
* Fix documentation generation
* Update serdi man page
- -- David Robillard <d@drobilla.net> Thu, 08 Oct 2015 17:47:07 -0400
+ -- David Robillard <d@drobilla.net> Tue, 15 Mar 2016 17:46:00 -0400
serd (0.22.0) stable;
diff --git a/src/writer.c b/src/writer.c
index 59080592..a037bf81 100644
--- a/src/writer.c
+++ b/src/writer.c
@@ -522,7 +522,8 @@ write_node(SerdWriter* writer,
!strcmp(type_uri + sizeof(NS_XSD) - 1, "integer"))) {
sink(node->buf, node->n_bytes, writer);
break;
- } else if (!strcmp(type_uri + sizeof(NS_XSD) - 1, "decimal") &&
+ } else if (!strncmp(type_uri, NS_XSD, sizeof(NS_XSD) - 1) &&
+ !strcmp(type_uri + sizeof(NS_XSD) - 1, "decimal") &&
strchr((const char*)node->buf, '.') &&
node->buf[node->n_bytes - 1] != '.') {
/* xsd:decimal literals without trailing digits, e.g. "5.", can
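Review bot: The two tests after the new prefix check still depend on `node->buf` being NUL-terminated with a length that matches `node->n_bytes`. `strchr((const char*)node->buf, '.')` scans until a NUL rather than stopping at `n_bytes`, and `node->buf[node->n_bytes - 1]` indexes out of range if `n_bytes` is 0. If that invariant is not guaranteed for every node reaching write_node (it cannot be confirmed from this hunk, and the function body starts and ends outside it), a bounded search closes both gaps, since a hit implies `n_bytes >= 1`: `memchr(node->buf, '.', node->n_bytes) &&`. Separately, the `strncmp(type_uri, NS_XSD, sizeof(NS_XSD) - 1)` test now appears to be repeated in both branches; computing it once into a local would keep a future branch from omitting it again. The diffstat also shows no test change, so a regression case with a short, non-XSD datatype URI would be worth adding.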
diff --git a/wscript b/wscript
index e188c0d0..813c7207 100644
--- a/wscript
+++ b/wscript
@@ -11,7 +11,7 @@ import waflib.extras.autowaf as autowaf
# major increment <=> incompatible changes
# minor increment <=> compatible changes (additions)
# micro increment <=> no interface changes
-SERD_VERSION = '0.22.1'
+SERD_VERSION = '0.22.3'
SERD_MAJOR_VERSION = '0'
# Mandatory waf variables