diff options
-rw-r--r-- | lib/libexpat/lib/xmlparse.c | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/lib/libexpat/lib/xmlparse.c b/lib/libexpat/lib/xmlparse.c index 8ddf0d9da0e..87b77451648 100644 --- a/lib/libexpat/lib/xmlparse.c +++ b/lib/libexpat/lib/xmlparse.c @@ -1366,7 +1366,7 @@ XML_SetParamEntityParsing(XML_Parser parser, enum XML_Status XML_Parse(XML_Parser parser, const char *s, int len, int isFinal) { - /* Prevent integer overflow */ + /* Avoid integer overflow */ if (((len * 2) < len) && (((long long)len * 2) > MAXLEN)) return XML_STATUS_ERROR; if (len == 0) { @@ -1405,7 +1405,6 @@ XML_Parse(XML_Parser parser, const char *s, int len, int isFinal) nLeftOver = s + len - end; if (nLeftOver) { if (buffer == NULL || nLeftOver > bufferLim - buffer) { - /* FIXME avoid integer overflow */ char *temp; temp = (buffer == NULL ? (char *)MALLOC(len * 2) @@ -1467,11 +1466,11 @@ XML_ParseBuffer(XML_Parser parser, int len, int isFinal) void * XML_GetBuffer(XML_Parser parser, int len) { + /* Avoid integer overflow */ if (((len + (bufferEnd - bufferPtr)) < len) && ((long long)len + (bufferEnd - bufferPtr) > MAXLEN)) return NULL; if (len > bufferLim - bufferEnd) { - /* FIXME avoid integer overflow */ int neededSize = len + (bufferEnd - bufferPtr); #ifdef XML_CONTEXT_BYTES int keep = bufferPtr - buffer; |