From 9b672513c839d6ad0271c80bfa0eb26fe159cd33 Mon Sep 17 00:00:00 2001 From: Sebastian Pipping Date: Sat, 19 Feb 2022 19:46:32 +0100 Subject: [PATCH] lib/xmlwf: Leverage xcslen --- expat/lib/xmlparse.c | 36 +++++++++++++++++++----------------- expat/tests/chardata.c | 14 +++----------- expat/xmlwf/xmlwf.c | 15 +++++---------- 3 files changed, 27 insertions(+), 38 deletions(-) diff --git a/expat/lib/xmlparse.c b/expat/lib/xmlparse.c index f4948b35..54f276e0 100644 --- a/expat/lib/xmlparse.c +++ b/expat/lib/xmlparse.c @@ -120,6 +120,7 @@ #include "ascii.h" #include "expat.h" #include "siphash.h" +#include "xcsinc.c" #if defined(HAVE_GETRANDOM) || defined(HAVE_SYSCALL_GETRANDOM) # if defined(HAVE_GETRANDOM) @@ -3872,15 +3873,23 @@ storeAtts(XML_Parser parser, const ENCODING *enc, const char *attStr, return XML_ERROR_NONE; prefixLen = 0; if (parser->m_ns_triplets && binding->prefix->name) { - for (; binding->prefix->name[prefixLen++];) - ; /* prefixLen includes null terminator */ + const size_t candidateLen + = xcslen(binding->prefix->name) + /*null terminator*/ 1; + if (candidateLen > INT_MAX) + return XML_ERROR_NO_MEMORY; + prefixLen = (int)candidateLen; } tagNamePtr->localPart = localPart; tagNamePtr->uriLen = binding->uriLen; tagNamePtr->prefix = binding->prefix->name; tagNamePtr->prefixLen = prefixLen; - for (i = 0; localPart[i++];) - ; /* i includes null terminator */ + { + const size_t candidateLen = xcslen(localPart) + /*null terminator*/ 1; + /* Detect and prevent integer overflow */ + if (i > INT_MAX) + return XML_ERROR_NO_MEMORY; + i = (int)candidateLen; + } /* Detect and prevent integer overflow */ if (binding->uriLen > INT_MAX - prefixLen @@ -5792,9 +5801,7 @@ doProlog(XML_Parser parser, const ENCODING *enc, const char *s, const char *end, return XML_ERROR_NO_MEMORY; name = el->name; dtd->scaffold[myindex].name = name; - nameLen = 0; - for (; name[nameLen++];) - ; + nameLen = xcslen(name) + /*null terminator*/ 1; /* Detect and prevent integer overflow */ if (nameLen > UINT_MAX - dtd->contentStringLen) { @@ -7440,10 +7447,7 @@ keyeq(KEY s1, KEY s2) { static size_t keylen(KEY s) { - size_t len = 0; - for (; *s; s++, len++) - ; - return len; + return xcslen(s); } static void @@ -8083,12 +8087,10 @@ copyString(const XML_Char *s, const XML_Memory_Handling_Suite *memsuite) { size_t charsRequired = 0; XML_Char *result; - /* First determine how long the string is */ - while (s[charsRequired] != 0) { - charsRequired++; - } - /* Include the terminator */ - charsRequired++; + const size_t candidateLen = xcslen(s) + /*null terminator*/ 1; + if (candidateLen > INT_MAX) + return NULL; + charsRequired = (int)candidateLen; /* Now allocate space for the copy */ result = memsuite->malloc_fcn(charsRequired * sizeof(XML_Char)); diff --git a/expat/tests/chardata.c b/expat/tests/chardata.c index 2adb2c54..ef50a714 100644 --- a/expat/tests/chardata.c +++ b/expat/tests/chardata.c @@ -47,15 +47,7 @@ #include #include "chardata.h" - -static int -xmlstrlen(const XML_Char *s) { - int len = 0; - assert(s != NULL); - while (s[len] != 0) - ++len; - return len; -} +#include "../lib/xcsinc.c" void CharData_Init(CharData *storage) { @@ -73,7 +65,7 @@ CharData_AppendXMLChars(CharData *storage, const XML_Char *s, int len) { if (storage->count < 0) storage->count = 0; if (len < 0) - len = xmlstrlen(s); + len = (int)xcslen(s); if ((len + storage->count) > maxchars) { len = (maxchars - storage->count); } @@ -85,7 +77,7 @@ CharData_AppendXMLChars(CharData *storage, const XML_Char *s, int len) { int CharData_CheckXMLChars(CharData *storage, const XML_Char *expected) { - int len = xmlstrlen(expected); + int len = (int)xcslen(expected); int count; assert(storage != NULL); diff --git a/expat/xmlwf/xmlwf.c b/expat/xmlwf/xmlwf.c index 7c0a8cd4..282373d7 100644 --- a/expat/xmlwf/xmlwf.c +++ b/expat/xmlwf/xmlwf.c @@ -65,6 +65,8 @@ # include #endif +#include "../lib/xcsinc.c" + enum ExitCode { XMLWF_EXIT_SUCCESS = 0, XMLWF_EXIT_INTERNAL_ERROR = 1, @@ -303,16 +305,9 @@ processingInstruction(void *userData, const XML_Char *target, static XML_Char * xcsdup(const XML_Char *s) { - XML_Char *result; - int count = 0; - int numBytes; - - /* Get the length of the string, including terminator */ - while (s[count++] != 0) { - /* Do nothing */ - } - numBytes = count * sizeof(XML_Char); - result = malloc(numBytes); + const size_t numBytes + = (xcslen(s) + /* null terminator */ 1) * sizeof(XML_Char); + XML_Char *const result = malloc(numBytes); if (result == NULL) return NULL; memcpy(result, s, numBytes);