代码拉取完成,页面将自动刷新
From f5b31e49bcababb8da09c2697e24d0ba80a261b6 Mon Sep 17 00:00:00 2001
From: Nick Wellnhofer <[email protected]>
Date: Thu, 1 Sep 2022 02:33:16 +0200
Subject: [PATCH] Fix overflow check in SAX2.c
Reference:https://github.com/GNOME/libxml2/commit/aeb69fd3575a33eb2ffded18a444d8945bcbd741
Conflict:SAX2.c
---
SAX2.c | 24 ++++++++++--------------
1 file changed, 10 insertions(+), 14 deletions(-)
diff --git a/SAX2.c b/SAX2.c
index 0319246..9801393 100644
--- a/SAX2.c
+++ b/SAX2.c
@@ -28,11 +28,6 @@
#include <libxml/HTMLtree.h>
#include <libxml/globals.h>
-/* Define SIZE_T_MAX unless defined through <limits.h>. */
-#ifndef SIZE_T_MAX
-# define SIZE_T_MAX ((size_t)-1)
-#endif /* !SIZE_T_MAX */
-
/* #define DEBUG_SAX2 */
/* #define DEBUG_SAX2_TREE */
@@ -2576,22 +2571,23 @@ xmlSAX2Text(xmlParserCtxtPtr ctxt, const xmlChar *ch, int len,
xmlSAX2ErrMemory(ctxt, "xmlSAX2Characters: xmlStrdup returned NULL");
return;
}
- if (((size_t)ctxt->nodelen + (size_t)len > XML_MAX_TEXT_LENGTH) &&
+ if (ctxt->nodelen > INT_MAX - len) {
+ xmlSAX2ErrMemory(ctxt, "xmlSAX2Characters overflow prevented");
+ return;
+ }
+ if ((ctxt->nodelen + len > XML_MAX_TEXT_LENGTH) &&
((ctxt->options & XML_PARSE_HUGE) == 0)) {
xmlSAX2ErrMemory(ctxt, "xmlSAX2Characters: huge text node");
return;
}
- if ((size_t)ctxt->nodelen > SIZE_T_MAX - (size_t)len ||
- (size_t)ctxt->nodemem + (size_t)len > SIZE_T_MAX / 2) {
- xmlSAX2ErrMemory(ctxt, "xmlSAX2Characters overflow prevented");
- return;
- }
if (ctxt->nodelen + len >= ctxt->nodemem) {
xmlChar *newbuf;
- size_t size;
+ int size;
- size = ctxt->nodemem + len;
- size *= 2;
+ size = ctxt->nodemem > INT_MAX - len ?
+ INT_MAX :
+ ctxt->nodemem + len;
+ size = size > INT_MAX / 2 ? INT_MAX : size * 2;
newbuf = (xmlChar *) xmlRealloc(lastChild->content,size);
if (newbuf == NULL) {
xmlSAX2ErrMemory(ctxt, "xmlSAX2Characters");
--
2.27.0
此处可能存在不合适展示的内容,页面不予展示。您可通过相关编辑功能自查并修改。
如您确认内容无涉及 不当用语 / 纯广告导流 / 暴力 / 低俗色情 / 侵权 / 盗版 / 虚假 / 无价值内容或违法国家有关法律法规的内容,可点击提交进行申诉,我们将尽快为您处理。
马建仓 AI 助手