XML parser: check for overflow.

Addresses the FIXME comment in expat.
Pale Moon
2016-11-16 19:52:21 +01:00
parent 65154dd39d
commit 9bb9557f04
+26
@@ -1559,6 +1559,8 @@ XML_Parse(XML_Parser parser, const char *s, int len, int isFinal)
nLeftOver = s + len - end;
if (nLeftOver) {
if (buffer == NULL || nLeftOver > bufferLim - buffer) {
/* BEGIN MOZILLA CHANGE (check for overflow) */
#if 0
/* FIXME avoid integer overflow */
char *temp;
temp = (buffer == NULL
@@ -1576,6 +1578,30 @@ XML_Parse(XML_Parser parser, const char *s, int len, int isFinal)
return XML_STATUS_ERROR;
}
bufferLim = buffer + len * 2;
#else
char *temp;
int newLen = len * 2;
if (newLen < 0) {
errorCode = XML_ERROR_NO_MEMORY;
return XML_STATUS_ERROR;
}
temp = (buffer == NULL
? (char *)MALLOC(newLen)
: (char *)REALLOC(buffer, newLen));
if (temp == NULL) {
errorCode = XML_ERROR_NO_MEMORY;
return XML_STATUS_ERROR;
}
buffer = temp;
if (!buffer) {
errorCode = XML_ERROR_NO_MEMORY;
eventPtr = eventEndPtr = NULL;
processor = errorProcessor;
return XML_STATUS_ERROR;
}
bufferLim = buffer + newLen;
#endif
/* END MOZILLA CHANGE */
}
memcpy(buffer, end, nLeftOver);
}
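Review bot: The overflow test in the new `#else` branch runs after the multiplication: `int newLen = len * 2;` is signed arithmetic, so when len exceeds INT_MAX / 2 the behaviour is already undefined, and an optimising compiler is entitled to drop the following `if (newLen < 0)` check. Test the operand before multiplying, e.g. `if (len > INT_MAX / 2) { errorCode = XML_ERROR_NO_MEMORY; return XML_STATUS_ERROR; }` followed by `int newLen = len * 2;` (this presumably needs `<limits.h>`, which is not visible here). The `if (!buffer)` block after `buffer = temp;` is unreachable because temp was already checked for NULL. It is also the only failure path that resets eventPtr/eventEndPtr and sets `processor = errorProcessor`, so either delete it or move that cleanup into the `temp == NULL` branch if it is intended. XML_Parse's body starts and ends outside the hunk, so whether len can be negative on entry cannot be confirmed from here.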