Re: CFXMLCreateStringByUnescapingEntities() bombs on "�"
Re: CFXMLCreateStringByUnescapingEntities() bombs on "�"
- Subject: Re: CFXMLCreateStringByUnescapingEntities() bombs on "�"
- From: "Gary L. Wade" <email@hidden>
- Date: Tue, 25 Mar 2014 17:04:01 -0700
- Thread-topic: CFXMLCreateStringByUnescapingEntities() bombs on "�"
Since this could be a security exploit with malformed data being allowed
in a bad way, you might set your bug to be a security issue and that¹ll
raise eyebrows fast. You do remember how you could crash an app by using
a malformed file URL some time back?
--
Gary L. Wade
http://www.garywade.com/
On 3/25/2014, 3:08 PM, "Jerry Krinock" <email@hidden> wrote:
>I¹ve now submitted this as Bug ID #16424156, which includes a demo
>project that has the original open source function, and a patched version
>which seems to work. Some serious testing is needed, but no more time
>for this issue today. The code in the demo project is also pasted in
>below, for anyone would like to review the patch. Criticisms and/or
>suggested test cases would be appreciated!
_______________________________________________
Cocoa-dev mailing list (email@hidden)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden