From 5b9e8dc70c8b78d3c70ff846d3fea97141e59f2e Mon Sep 17 00:00:00 2001 From: Sebastian Pipping Date: Sun, 30 Mar 2025 17:06:01 +0200 Subject: [PATCH 1/2] portable_strndup() must not read source string beyond NUL byte. POSIX strndup() does not read memory beyond NUL byte of the source string. Preserve this behavior in libexpat implementation to prevent access violations and keep portability. --- expat/tests/common.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/expat/tests/common.c b/expat/tests/common.c index b158385f..b2537d0d 100644 --- a/expat/tests/common.c +++ b/expat/tests/common.c @@ -303,7 +303,14 @@ duff_reallocator(void *ptr, size_t size) { return realloc(ptr, size); } -// Portable remake of strndup(3) for C99; does not care about space efficiency +// Portable remake of strnlen(3) for C99 +static size_t +portable_strnlen(const char *s, size_t maxlen) { + const char *const end = (const char *)memchr(s, '\0', maxlen); + return (end == NULL) ? maxlen : (size_t)(end - s); +} + +// Portable remake of strndup(3) for C99 char * portable_strndup(const char *s, size_t n) { if ((s == NULL) || (n == SIZE_MAX)) { @@ -311,6 +318,8 @@ portable_strndup(const char *s, size_t n) { return NULL; } + n = portable_strnlen(s, n); + char *const buffer = (char *)malloc(n + 1); if (buffer == NULL) { errno = ENOMEM; From 3c188810b6d522ed97183f9f52bab917496d650e Mon Sep 17 00:00:00 2001 From: Sebastian Pipping Date: Sun, 30 Mar 2025 17:02:35 +0200 Subject: [PATCH 2/2] Changes: Document #1000 --- expat/Changes | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/expat/Changes b/expat/Changes index 8fc61e94..fd0cee37 100644 --- a/expat/Changes +++ b/expat/Changes @@ -40,6 +40,11 @@ Release 2.7.2 ??? ????? ?? ???? Other changes: #994 docs: Drop AppVeyor badge + #1000 tests: Fix portable_strndup + + Special thanks to: + Alexander Bluhm + Theo Buehler Release 2.7.1 Thu March 27 2025 Bug fixes: