cheng/libexpat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Detect overflow from len=INT_MAX call to XML_Parse

Browse Source 
Relevant only when XML_CONTEXT_BYTES not defined
This commit is contained in:
Sebastian Pipping 2017-05-28 21:57:37 +02:00
parent 70db8d2538
commit 4be2cb5afc
1 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
expat/lib/xmlparse.c
View File

@ -1704,6 +1704,13 @@ XML_Parse(XML_Parser parser, const char *s, int len, int isFinal)
const char *end;
int nLeftOver;
enum XML_Status result;
/* Detect overflow (a+b > MAX <==> b > MAX-a) */
if (len > (XML_Index)-1 - parseEndByteIndex) {
errorCode = XML_ERROR_NO_MEMORY;
eventPtr = eventEndPtr = NULL;
processor = errorProcessor;
return XML_STATUS_ERROR;
}
parseEndByteIndex += len;
positionPtr = s;
ps_finalBuffer = (XML_Bool)isFinal;