xmlparse.c: Fix XML_Size/XML_Index cast mixup

The "MAX = (type)-1" hack only works for unsigned types:
XML_Size is unsigned but XML_Index is not.
As the positive maximum of signed integers is about
half as big as that of their unsigned counterpart,
we divide by 2.

Example for 2 bit integers:
* signed: -2, -1, 0, 1 == 2^1-1
* unsigned: 0, 1, 2, 3 == 2^2-1

Fixing 4be2cb5afc
Sebastian Pipping 2017-06-13 23:10:08 +02:00
parent 51308292cd
commit 7e5b71b748

@ -1811,7 +1811,7 @@ XML_Parse(XML_Parser parser, const char *s, int len, int isFinal)
int nLeftOver;
enum XML_Status result;
/* Detect overflow (a+b > MAX <==> b > MAX-a) */
if (len > (XML_Index)-1 - parseEndByteIndex) {
if (len > ((XML_Size)-1) / 2 - parseEndByteIndex) {
errorCode = XML_ERROR_NO_MEMORY;
eventPtr = eventEndPtr = NULL;
processor = errorProcessor;
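
Review bot: The new bound in `if (len > ((XML_Size)-1) / 2 - parseEndByteIndex)` is only the maximum of XML_Index if XML_Size and XML_Index have the same width, and nothing at the check states or enforces that. A named constant for the signed maximum, defined next to the typedefs, or a compile-time assertion that the two sizes match would make the assumption explicit, and the comment above the check could then name which MAX it means. The comparison is also now carried out in unsigned arithmetic: `len` is an `int`, so a negative value converts to a very large unsigned one and takes the XML_ERROR_NO_MEMORY branch. If negative lengths are not rejected earlier in XML_Parse (these lines do not show it), an explicit `len < 0` check before this test would keep the overflow test to the case it is written for.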