src - OpenBSD base system

diff options


context:
space:
mode:

author	Alexander Bluhm <bluhm@cvs.openbsd.org>	2022-01-17 20:50:23 +0000
committer	Alexander Bluhm <bluhm@cvs.openbsd.org>	2022-01-17 20:50:23 +0000
commit	49a83b846d92c900d95e39188926f4214f6bd67a (patch)
tree	b4ad5a2346050e35f4b83c6b3f5fc0d6fe138fde
parent	7c6347565865791378727de046c5ff512eb6f8c9 (diff)

Update libexpat to 2.4.3. This fixes CVE-2021-45960, CVE-2021-46143,

and CVE-2022-22822 to CVE-2022-22827. Relevant for OpenBSD are security fixes #531 #534 #532 #538 #539 and other changes #527 #513 #514 #502 #503. No library bump necessary. OK millert@

Diffstat

-rw-r--r--

lib/libexpat/Changes

-rw-r--r--

lib/libexpat/README.md

-rw-r--r--

lib/libexpat/doc/reference.html

-rw-r--r--

lib/libexpat/lib/expat.h

-rw-r--r--

lib/libexpat/lib/xmlparse.c

212

-rw-r--r--

lib/libexpat/lib/xmlrole.c

-rw-r--r--

lib/libexpat/lib/xmltok.c

-rw-r--r--

lib/libexpat/lib/xmltok_ns.c

-rw-r--r--

lib/libexpat/tests/runtests.c

9 files changed, 300 insertions, 28 deletions

diff --git a/lib/libexpat/Changes b/lib/libexpat/Changes
index f765789857e..7540d38ca82 100644
--- a/lib/libexpat/Changes
+++ b/lib/libexpat/Changes

@@ -2,6 +2,81 @@ NOTE: We are looking for help with a few things:

https://github.com/libexpat/libexpat/labels/help%20wanted

If you can help, please get in touch. Thanks!

+Release 2.4.3 Sun January 16 2022

+ Security fixes:

+ #531 #534 CVE-2021-45960 -- Fix issues with left shifts by >=29 places

+ resulting in

+ a) realloc acting as free

+ b) realloc allocating too few bytes

+ c) undefined behavior

+ depending on architecture and precise value

+ for XML documents with >=2^27+1 prefixed attributes

+ on a single XML tag a la

+ "<r xmlns:a='[..]' a:a123='[..]' [..] />"

+ where XML_ParserCreateNS is used to create the parser

+ (which needs argument "-n" when running xmlwf).

+ Impact is denial of service, or more.

+ #532 #538 CVE-2021-46143 (ZDI-CAN-16157) -- Fix integer overflow

+ on variable m_groupSize in function doProlog leading

+ to realloc acting as free.

+ Impact is denial of service or more.

+ #539 CVE-2022-22822 to CVE-2022-22827 -- Prevent integer overflows

+ near memory allocation at multiple places. Mitre assigned

+ a dedicated CVE for each involved internal C function:

+ - CVE-2022-22822 for function addBinding

+ - CVE-2022-22823 for function build_model

+ - CVE-2022-22824 for function defineAttribute

+ - CVE-2022-22825 for function lookup

+ - CVE-2022-22826 for function nextScaffoldPart

+ - CVE-2022-22827 for function storeAtts

+ Impact is denial of service or more.

+ Other changes:

+ #535 CMake: Make call to file(GENERATE [..]) work for CMake <3.19

+ #541 Autotools|CMake: MinGW: Make run.sh(.in) work for Cygwin

+ and MSYS2 by not going through Wine on these platforms

+ #527 #528 Address compiler warnings

+ #533 #543 Version info bumped from 9:2:8 to 9:3:8;

+ see https://verbump.de/ for what these numbers do

+ Infrastructure:

+ #536 CI: Check for realistic minimum CMake version

+ #529 #539 CI: Cover compilation with -m32

+ #529 CI: Store coverage reports as artifacts for download

+ #528 CI: Upgrade Clang from 11 to 13

+ Special thanks to:

+ An anonymous whitehat

+ Christopher Degawa

+ J. Peter Mugaas

+ Tyson Smith

+ and

+ GCC Farm Project

+ Trend Micro Zero Day Initiative

+Release 2.4.2 Sun December 19 2021

+ Other changes:

+ #509 #510 Link againgst libm for function "isnan"

+ #513 #514 Include expat_config.h as early as possible

+ #498 Autotools: Include files with release archives:

+ - buildconf.sh

+ - fuzz/*.c

+ #507 #519 Autotools: Sync CMake templates

+ #495 #524 CMake: MinGW: Fix pkg-config section "Libs" for

+ - non-release build types (e.g. -DCMAKE_BUILD_TYPE=Debug)

+ - multi-config CMake generators (e.g. Ninja Multi-Config)

+ #502 #503 docs: Document that function XML_GetBuffer may return NULL

+ when asking for a buffer of 0 (zero) bytes size

+ #522 #523 docs: Fix return value docs for both

+ XML_SetBillionLaughsAttackProtection* functions

+ #525 #526 Version info bumped from 9:1:8 to 9:2:8;

+ see https://verbump.de/ for what these numbers do

+ Special thanks to:

+ Dong-hee Na

+ Joergen Ibsen

+ Kai Pastor

Release 2.4.1 Sun May 23 2021

Bug fixes:

#488 #490 Autotools: Fix installed header expat_config.h for multilib

diff --git a/lib/libexpat/README.md b/lib/libexpat/README.md
index 251dc8a19b3..6fdd6148714 100644
--- a/lib/libexpat/README.md
+++ b/lib/libexpat/README.md

@@ -5,7 +5,7 @@

[![Downloads GitHub](https://img.shields.io/github/downloads/libexpat/libexpat/total?label=Downloads%20GitHub)](https://github.com/libexpat/libexpat/releases)

-# Expat, Release 2.4.1

+# Expat, Release 2.4.3

This is Expat, a C library for parsing XML, started by

[James Clark](https://en.wikipedia.org/wiki/James_Clark_%28programmer%29) in 1997.

diff --git a/lib/libexpat/doc/reference.html b/lib/libexpat/doc/reference.html
index 309cb2415bb..1629413e541 100644
--- a/lib/libexpat/doc/reference.html
+++ b/lib/libexpat/doc/reference.html

@@ -14,9 +14,10 @@

Licensed under the MIT license:

Permission is hereby granted, free of charge, to any person obtaining

@@ -48,7 +49,7 @@

<div>

<h1>

The Expat XML Parser

- <small>Release 2.4.1</small>

+ <small>Release 2.4.3</small>

</h1>

</div>

@@ -1115,7 +1116,8 @@ XML_GetBuffer(XML_Parser p,

Obtain a buffer of size <code>len</code> to read a piece of the document

into. A NULL value is returned if Expat can't allocate enough memory for

-this buffer. This has to be called prior to every call to

+this buffer. A NULL value may also be returned if <code>len</code> is zero.

+This has to be called prior to every call to

<code><a href= "#XML_ParseBuffer" >XML_ParseBuffer</a></code>. A

typical use would look like this:

@@ -2100,7 +2102,7 @@ XML_SetBillionLaughsAttackProtectionMaximumAmplification(XML_Parser p,

<a href="https://en.wikipedia.org/wiki/Billion_laughs_attack">billion laughs attacks</a>

(default: <code>100.0</code>)

of parser <code>p</code> to <code>maximumAmplificationFactor</code>, and

- returns <code>XML_TRUE</code> upon success and <code>XML_TRUE</code> upon error.

+ returns <code>XML_TRUE</code> upon success and <code>XML_FALSE</code> upon error.

</p>

The amplification factor is calculated as ..

@@ -2150,7 +2152,7 @@ XML_SetBillionLaughsAttackProtectionActivationThreshold(XML_Parser p,

<a href="https://en.wikipedia.org/wiki/Billion_laughs_attack">billion laughs attacks</a>

(default: <code>8 MiB</code>)

of parser <code>p</code> to <code>activationThresholdBytes</code>, and

- returns <code>XML_TRUE</code> upon success and <code>XML_TRUE</code> upon error.

+ returns <code>XML_TRUE</code> upon success and <code>XML_FALSE</code> upon error.

</p>

<p>For a call to <code>XML_SetBillionLaughsAttackProtectionActivationThreshold</code> to succeed:</p>

diff --git a/lib/libexpat/lib/expat.h b/lib/libexpat/lib/expat.h
index b7d6d354801..0f021e25def 100644
--- a/lib/libexpat/lib/expat.h
+++ b/lib/libexpat/lib/expat.h

@@ -11,7 +11,7 @@

@@ -1041,7 +1041,7 @@ XML_SetBillionLaughsAttackProtectionActivationThreshold(

#define XML_MAJOR_VERSION 2

#define XML_MINOR_VERSION 4

-#define XML_MICRO_VERSION 1

+#define XML_MICRO_VERSION 3

#ifdef __cplusplus

}

diff --git a/lib/libexpat/lib/xmlparse.c b/lib/libexpat/lib/xmlparse.c
index 5ba56eaea63..b2f5fc6bee7 100644
--- a/lib/libexpat/lib/xmlparse.c
+++ b/lib/libexpat/lib/xmlparse.c

@@ -1,4 +1,4 @@

-/* 8539b9040d9d901366a62560a064af7cb99811335784b363abc039c5b0ebc416 (2.4.1+)

+/* 9ca2a2fedc35bcb13ba9a134ba5e173020bc2ff5f5a311abf742cec7da1ff26a (2.4.3+)

__ __ _

___\ \/ /_ __ __ _| |_

/ _ \\ /| '_ \ / _` | __|

@@ -13,7 +13,7 @@

@@ -32,6 +32,7 @@

Licensed under the MIT license:

Permission is hereby granted, free of charge, to any person obtaining

@@ -54,6 +55,10 @@

USE OR OTHER DEALINGS IN THE SOFTWARE.

+#define XML_BUILDING_EXPAT 1

+#include <expat_config.h>

#if ! defined(_GNU_SOURCE)

# define _GNU_SOURCE 1 /* syscall prototype */

#endif

@@ -84,14 +89,10 @@

# include <errno.h>

#endif

-#define XML_BUILDING_EXPAT 1

#ifdef _WIN32

# include "winconfig.h"

#endif

-#include <expat_config.h>

#include "ascii.h"

#include "expat.h"

#include "siphash.h"

@@ -3260,13 +3261,38 @@ storeAtts(XML_Parser parser, const ENCODING *enc, const char *attStr,

/* get the attributes from the tokenizer */

n = XmlGetAttributes(enc, attStr, parser->m_attsSize, parser->m_atts);

+ /* Detect and prevent integer overflow */

+ if (n > INT_MAX - nDefaultAtts) {

+ return XML_ERROR_NO_MEMORY;

+ }

if (n + nDefaultAtts > parser->m_attsSize) {

int oldAttsSize = parser->m_attsSize;

ATTRIBUTE *temp;

#ifdef XML_ATTR_INFO

XML_AttrInfo *temp2;

#endif

+ /* Detect and prevent integer overflow */

+ if ((nDefaultAtts > INT_MAX - INIT_ATTS_SIZE)

+ || (n > INT_MAX - (nDefaultAtts + INIT_ATTS_SIZE))) {

+ return XML_ERROR_NO_MEMORY;

+ }

parser->m_attsSize = n + nDefaultAtts + INIT_ATTS_SIZE;

+ /* Detect and prevent integer overflow.

+ * The preprocessor guard addresses the "always false" warning

+ * from -Wtype-limits on platforms where

+ * sizeof(unsigned int) < sizeof(size_t), e.g. on x86_64. */

+#if UINT_MAX >= SIZE_MAX

+ if ((unsigned)parser->m_attsSize > (size_t)(-1) / sizeof(ATTRIBUTE)) {

+ parser->m_attsSize = oldAttsSize;

+ return XML_ERROR_NO_MEMORY;

+ }

+#endif

temp = (ATTRIBUTE *)REALLOC(parser, (void *)parser->m_atts,

parser->m_attsSize * sizeof(ATTRIBUTE));

if (temp == NULL) {

@@ -3275,6 +3301,17 @@ storeAtts(XML_Parser parser, const ENCODING *enc, const char *attStr,

}

parser->m_atts = temp;

#ifdef XML_ATTR_INFO

+ /* Detect and prevent integer overflow.

+ * The preprocessor guard addresses the "always false" warning

+ * from -Wtype-limits on platforms where

+ * sizeof(unsigned int) < sizeof(size_t), e.g. on x86_64. */

+# if UINT_MAX >= SIZE_MAX

+ if ((unsigned)parser->m_attsSize > (size_t)(-1) / sizeof(XML_AttrInfo)) {

+ parser->m_attsSize = oldAttsSize;

+ return XML_ERROR_NO_MEMORY;

+ }

+# endif

temp2 = (XML_AttrInfo *)REALLOC(parser, (void *)parser->m_attInfo,

parser->m_attsSize * sizeof(XML_AttrInfo));

if (temp2 == NULL) {

@@ -3413,7 +3450,13 @@ storeAtts(XML_Parser parser, const ENCODING *enc, const char *attStr,

if (nPrefixes) {

int j; /* hash table index */

unsigned long version = parser->m_nsAttsVersion;

- int nsAttsSize = (int)1 << parser->m_nsAttsPower;

+ /* Detect and prevent invalid shift */

+ if (parser->m_nsAttsPower >= sizeof(unsigned int) * 8 /* bits per byte */) {

+ return XML_ERROR_NO_MEMORY;

+ }

+ unsigned int nsAttsSize = 1u << parser->m_nsAttsPower;

unsigned char oldNsAttsPower = parser->m_nsAttsPower;

/* size of hash table must be at least 2 * (# of prefixed attributes) */

if ((nPrefixes << 1)

@@ -3424,7 +3467,28 @@ storeAtts(XML_Parser parser, const ENCODING *enc, const char *attStr,

;

if (parser->m_nsAttsPower < 3)

parser->m_nsAttsPower = 3;

- nsAttsSize = (int)1 << parser->m_nsAttsPower;

+ /* Detect and prevent invalid shift */

+ if (parser->m_nsAttsPower >= sizeof(nsAttsSize) * 8 /* bits per byte */) {

+ /* Restore actual size of memory in m_nsAtts */

+ parser->m_nsAttsPower = oldNsAttsPower;

+ return XML_ERROR_NO_MEMORY;

+ }

+ nsAttsSize = 1u << parser->m_nsAttsPower;

+ /* Detect and prevent integer overflow.

+ * The preprocessor guard addresses the "always false" warning

+ * from -Wtype-limits on platforms where

+ * sizeof(unsigned int) < sizeof(size_t), e.g. on x86_64. */

+#if UINT_MAX >= SIZE_MAX

+ if (nsAttsSize > (size_t)(-1) / sizeof(NS_ATT)) {

+ /* Restore actual size of memory in m_nsAtts */

+ parser->m_nsAttsPower = oldNsAttsPower;

+ return XML_ERROR_NO_MEMORY;

+ }

+#endif

temp = (NS_ATT *)REALLOC(parser, parser->m_nsAtts,

nsAttsSize * sizeof(NS_ATT));

if (! temp) {

@@ -3582,9 +3646,31 @@ storeAtts(XML_Parser parser, const ENCODING *enc, const char *attStr,

tagNamePtr->prefixLen = prefixLen;

for (i = 0; localPart[i++];)

; /* i includes null terminator */

+ /* Detect and prevent integer overflow */

+ if (binding->uriLen > INT_MAX - prefixLen

+ || i > INT_MAX - (binding->uriLen + prefixLen)) {

+ return XML_ERROR_NO_MEMORY;

+ }

n = i + binding->uriLen + prefixLen;

if (n > binding->uriAlloc) {

TAG *p;

+ /* Detect and prevent integer overflow */

+ if (n > INT_MAX - EXPAND_SPARE) {

+ return XML_ERROR_NO_MEMORY;

+ }

+ /* Detect and prevent integer overflow.

+ * The preprocessor guard addresses the "always false" warning

+ * from -Wtype-limits on platforms where

+ * sizeof(unsigned int) < sizeof(size_t), e.g. on x86_64. */

+#if UINT_MAX >= SIZE_MAX

+ if ((unsigned)(n + EXPAND_SPARE) > (size_t)(-1) / sizeof(XML_Char)) {

+ return XML_ERROR_NO_MEMORY;

+ }

+#endif

uri = (XML_Char *)MALLOC(parser, (n + EXPAND_SPARE) * sizeof(XML_Char));

if (! uri)

return XML_ERROR_NO_MEMORY;

@@ -3680,6 +3766,21 @@ addBinding(XML_Parser parser, PREFIX *prefix, const ATTRIBUTE_ID *attId,

if (parser->m_freeBindingList) {

b = parser->m_freeBindingList;

if (len > b->uriAlloc) {

+ /* Detect and prevent integer overflow */

+ if (len > INT_MAX - EXPAND_SPARE) {

+ return XML_ERROR_NO_MEMORY;

+ }

+ /* Detect and prevent integer overflow.

+ * The preprocessor guard addresses the "always false" warning

+ * from -Wtype-limits on platforms where

+ * sizeof(unsigned int) < sizeof(size_t), e.g. on x86_64. */

+#if UINT_MAX >= SIZE_MAX

+ if ((unsigned)(len + EXPAND_SPARE) > (size_t)(-1) / sizeof(XML_Char)) {

+ return XML_ERROR_NO_MEMORY;

+ }

+#endif

XML_Char *temp = (XML_Char *)REALLOC(

parser, b->uri, sizeof(XML_Char) * (len + EXPAND_SPARE));

if (temp == NULL)

@@ -3692,6 +3793,21 @@ addBinding(XML_Parser parser, PREFIX *prefix, const ATTRIBUTE_ID *attId,

b = (BINDING *)MALLOC(parser, sizeof(BINDING));

if (! b)

return XML_ERROR_NO_MEMORY;

+ /* Detect and prevent integer overflow */

+ if (len > INT_MAX - EXPAND_SPARE) {

+ return XML_ERROR_NO_MEMORY;

+ }

+ /* Detect and prevent integer overflow.

+ * The preprocessor guard addresses the "always false" warning

+ * from -Wtype-limits on platforms where

+ * sizeof(unsigned int) < sizeof(size_t), e.g. on x86_64. */

+#if UINT_MAX >= SIZE_MAX

+ if ((unsigned)(len + EXPAND_SPARE) > (size_t)(-1) / sizeof(XML_Char)) {

+ return XML_ERROR_NO_MEMORY;

+ }

+#endif

b->uri

= (XML_Char *)MALLOC(parser, sizeof(XML_Char) * (len + EXPAND_SPARE));

if (! b->uri) {

@@ -5018,6 +5134,11 @@ doProlog(XML_Parser parser, const ENCODING *enc, const char *s, const char *end,

if (parser->m_prologState.level >= parser->m_groupSize) {

if (parser->m_groupSize) {

{

+ /* Detect and prevent integer overflow */

+ if (parser->m_groupSize > (unsigned int)(-1) / 2u) {

+ return XML_ERROR_NO_MEMORY;

+ }

char *const new_connector = (char *)REALLOC(

parser, parser->m_groupConnector, parser->m_groupSize *= 2);

if (new_connector == NULL) {

@@ -5028,6 +5149,16 @@ doProlog(XML_Parser parser, const ENCODING *enc, const char *s, const char *end,

}

if (dtd->scaffIndex) {

+ /* Detect and prevent integer overflow.

+ * The preprocessor guard addresses the "always false" warning

+ * from -Wtype-limits on platforms where

+ * sizeof(unsigned int) < sizeof(size_t), e.g. on x86_64. */

+#if UINT_MAX >= SIZE_MAX

+ if (parser->m_groupSize > (size_t)(-1) / sizeof(int)) {

+ return XML_ERROR_NO_MEMORY;

+ }

+#endif

int *const new_scaff_index = (int *)REALLOC(

parser, dtd->scaffIndex, parser->m_groupSize * sizeof(int));

if (new_scaff_index == NULL)

@@ -6098,7 +6229,24 @@ defineAttribute(ELEMENT_TYPE *type, ATTRIBUTE_ID *attId, XML_Bool isCdata,

}

} else {

DEFAULT_ATTRIBUTE *temp;

+ /* Detect and prevent integer overflow */

+ if (type->allocDefaultAtts > INT_MAX / 2) {

+ return 0;

+ }

int count = type->allocDefaultAtts * 2;

+ /* Detect and prevent integer overflow.

+ * The preprocessor guard addresses the "always false" warning

+ * from -Wtype-limits on platforms where

+ * sizeof(unsigned int) < sizeof(size_t), e.g. on x86_64. */

+#if UINT_MAX >= SIZE_MAX

+ if ((unsigned)count > (size_t)(-1) / sizeof(DEFAULT_ATTRIBUTE)) {

+ return 0;

+ }

+#endif

temp = (DEFAULT_ATTRIBUTE *)REALLOC(parser, type->defaultAtts,

(count * sizeof(DEFAULT_ATTRIBUTE)));

if (temp == NULL)

@@ -6749,8 +6897,20 @@ lookup(XML_Parser parser, HASH_TABLE *table, KEY name, size_t createSize) {

/* check for overflow (table is half full) */

if (table->used >> (table->power - 1)) {

unsigned char newPower = table->power + 1;

+ /* Detect and prevent invalid shift */

+ if (newPower >= sizeof(unsigned long) * 8 /* bits per byte */) {

+ return NULL;

+ }

size_t newSize = (size_t)1 << newPower;

unsigned long newMask = (unsigned long)newSize - 1;

+ /* Detect and prevent integer overflow */

+ if (newSize > (size_t)(-1) / sizeof(NAMED *)) {

+ return NULL;

+ }

size_t tsize = newSize * sizeof(NAMED *);

NAMED **newV = (NAMED **)table->mem->malloc_fcn(tsize);

if (! newV)

@@ -7100,6 +7260,20 @@ nextScaffoldPart(XML_Parser parser) {

if (dtd->scaffCount >= dtd->scaffSize) {

CONTENT_SCAFFOLD *temp;

if (dtd->scaffold) {

+ /* Detect and prevent integer overflow */

+ if (dtd->scaffSize > UINT_MAX / 2u) {

+ return -1;

+ }

+ /* Detect and prevent integer overflow.

+ * The preprocessor guard addresses the "always false" warning

+ * from -Wtype-limits on platforms where

+ * sizeof(unsigned int) < sizeof(size_t), e.g. on x86_64. */

+#if UINT_MAX >= SIZE_MAX

+ if (dtd->scaffSize > (size_t)(-1) / 2u / sizeof(CONTENT_SCAFFOLD)) {

+ return -1;

+ }

+#endif

temp = (CONTENT_SCAFFOLD *)REALLOC(

parser, dtd->scaffold, dtd->scaffSize * 2 * sizeof(CONTENT_SCAFFOLD));

if (temp == NULL)

@@ -7169,8 +7343,26 @@ build_model(XML_Parser parser) {

XML_Content *ret;

XML_Content *cpos;

XML_Char *str;

- int allocsize = (dtd->scaffCount * sizeof(XML_Content)

- + (dtd->contentStringLen * sizeof(XML_Char)));

+ /* Detect and prevent integer overflow.

+ * The preprocessor guard addresses the "always false" warning

+ * from -Wtype-limits on platforms where

+ * sizeof(unsigned int) < sizeof(size_t), e.g. on x86_64. */

+#if UINT_MAX >= SIZE_MAX

+ if (dtd->scaffCount > (size_t)(-1) / sizeof(XML_Content)) {

+ return NULL;

+ }

+ if (dtd->contentStringLen > (size_t)(-1) / sizeof(XML_Char)) {

+ return NULL;

+ }

+#endif

+ if (dtd->scaffCount * sizeof(XML_Content)

+ > (size_t)(-1) - dtd->contentStringLen * sizeof(XML_Char)) {

+ return NULL;

+ }

+ const size_t allocsize = (dtd->scaffCount * sizeof(XML_Content)

+ + (dtd->contentStringLen * sizeof(XML_Char)));

ret = (XML_Content *)MALLOC(parser, allocsize);

if (! ret)

diff --git a/lib/libexpat/lib/xmlrole.c b/lib/libexpat/lib/xmlrole.c
index 08173b0fd54..77746ee42d1 100644
--- a/lib/libexpat/lib/xmlrole.c
+++ b/lib/libexpat/lib/xmlrole.c

@@ -15,6 +15,7 @@

Licensed under the MIT license:

Permission is hereby granted, free of charge, to any person obtaining

@@ -37,14 +38,14 @@

USE OR OTHER DEALINGS IN THE SOFTWARE.

+#include <expat_config.h>

#include <stddef.h>

#ifdef _WIN32

# include "winconfig.h"

#endif

-#include <expat_config.h>

#include "expat_external.h"

#include "internal.h"

#include "xmlrole.h"

diff --git a/lib/libexpat/lib/xmltok.c b/lib/libexpat/lib/xmltok.c
index f2b6b406067..502ca1adc33 100644
--- a/lib/libexpat/lib/xmltok.c
+++ b/lib/libexpat/lib/xmltok.c

@@ -20,6 +20,7 @@

Licensed under the MIT license:

Permission is hereby granted, free of charge, to any person obtaining

@@ -42,6 +43,8 @@

USE OR OTHER DEALINGS IN THE SOFTWARE.

+#include <expat_config.h>

#include <stddef.h>

#include <string.h> /* memcpy */

#include <stdbool.h>

@@ -50,8 +53,6 @@

# include "winconfig.h"

#endif

-#include <expat_config.h>

#include "expat_external.h"

#include "internal.h"

#include "xmltok.h"

diff --git a/lib/libexpat/lib/xmltok_ns.c b/lib/libexpat/lib/xmltok_ns.c
index 5fd83922359..fbdd3e3c7b7 100644
--- a/lib/libexpat/lib/xmltok_ns.c
+++ b/lib/libexpat/lib/xmltok_ns.c

@@ -11,7 +11,7 @@

Licensed under the MIT license:

Permission is hereby granted, free of charge, to any person obtaining

@@ -93,7 +93,7 @@ NS(XmlInitEncoding)(INIT_ENCODING *p, const ENCODING **encPtr,

static const ENCODING *

NS(findEncoding)(const ENCODING *enc, const char *ptr, const char *end) {

# define ENCODING_MAX 128

- char buf[ENCODING_MAX];

+ char buf[ENCODING_MAX] = "";

char *p = buf;

int i;

XmlUtf8Convert(enc, &ptr, end, &p, p + ENCODING_MAX - 1);

diff --git a/lib/libexpat/tests/runtests.c b/lib/libexpat/tests/runtests.c
index 45ba5d59f4f..d2923ac1fd5 100644
--- a/lib/libexpat/tests/runtests.c
+++ b/lib/libexpat/tests/runtests.c

@@ -10,13 +10,14 @@

Licensed under the MIT license:

Permission is hereby granted, free of charge, to any person obtaining

@@ -39,12 +40,12 @@

USE OR OTHER DEALINGS IN THE SOFTWARE.

+#include <expat_config.h>

#if defined(NDEBUG)

# undef NDEBUG /* because test suite relies on assert(...) at the moment */

#endif

-#include <expat_config.h>

#include <assert.h>

#include <stdlib.h>

#include <stdio.h>

@@ -7351,7 +7352,7 @@ START_TEST(test_misc_version) {

fail("Version mismatch");

#if ! defined(XML_UNICODE) || defined(XML_UNICODE_WCHAR_T)

- if (xcstrcmp(version_text, XCS("expat_2.4.1"))) /* needs bump on releases */

+ if (xcstrcmp(version_text, XCS("expat_2.4.3"))) /* needs bump on releases */

fail("XML_*_VERSION in expat.h out of sync?\n");

#else

/* If we have XML_UNICODE defined but not XML_UNICODE_WCHAR_T