Fix a corner case with attribute parsing and null-bytes in HTML content

e.g. details in gbof-read-0_Html_get_attr2.html.asan
author: Jorge Arellano Cid <jcid@dillo.org> 2013-09-11 19:45:56 -0300
committer: Jorge Arellano Cid <jcid@dillo.org> 2013-09-11 19:45:56 -0300
commit: e66d434aeb97c78daf0d6c3b8e7de0b157310635 (patch)
tree: 0d2607afedd586bc59e201564408458ffb058b19 /src
parent: f059451d808b336bb44e47794cf566e34d6acd10 (diff)
1 files changed, 5 insertions, 2 deletions
diff --git a/src/html.cc b/src/html.cc
index 1f9f5e0a..03bcb736 100644
--- a/src/html.cc
+++ b/src/html.cc
@@ -3854,10 +3854,13 @@ static const char *Html_get_attr2(DilloHtml *html,
          break;
 
       case MATCH_ATTR_NAME:
-         if ((Found = (!(attrname[attr_pos]) &&
-                       (tag[i] == '=' || isspace(tag[i]) || tag[i] == '>')))) {
+         if (!attrname[attr_pos] &&
+             (tag[i] == '=' || isspace(tag[i]) || tag[i] == '>')) {
+            Found = 1;
             state = SEEK_TOKEN_START;
             --i;
+         } else if (!tag[i]) {
+            state = SEEK_ATTR_START; // NULL byte is not allowed
          } else {
             if (D_ASCII_TOLOWER(tag[i]) != D_ASCII_TOLOWER(attrname[attr_pos]))
                state = SEEK_ATTR_START;
author	Jorge Arellano Cid <jcid@dillo.org>	2013-09-11 19:45:56 -0300
committer	Jorge Arellano Cid <jcid@dillo.org>	2013-09-11 19:45:56 -0300
commit	e66d434aeb97c78daf0d6c3b8e7de0b157310635 (patch)
tree	0d2607afedd586bc59e201564408458ffb058b19 /src
parent	f059451d808b336bb44e47794cf566e34d6acd10 (diff)