The symptom was:
> [..]/expat/lib/xmlparse.c:826:9: error: narrowing conversion from 'ssize_t' (aka 'long') to signed type 'int' is implementation-defined [bugprone-narrowing-conversions,-warnings-as-errors]
> 826 | getrandom(currentTarget, bytesToWrite, getrandomFlags);
> | ^
> [..]/expat/lib/xmlparse.c:2765:19: error: narrowing conversion from 'unsigned long' to signed type 'int' is implementation-defined [bugprone-narrowing-conversions,-warnings-as-errors]
> 2765 | int nameLen = sizeof(XML_Char) * (tag->name.strLen + 1);
> | ^
> [..]/expat/lib/xmlparse.c:3734:16: error: narrowing conversion from 'unsigned int' to signed type 'int' is implementation-defined [bugprone-narrowing-conversions,-warnings-as-errors]
> 3734 | for (j = nsAttsSize; j != 0;)
> | ^
> [..]/expat/lib/xmlparse.c:3800:15: error: narrowing conversion from 'unsigned long' to signed type 'int' is implementation-defined [bugprone-narrowing-conversions,-warnings-as-errors]
> 3800 | j = uriHash & mask; /* index into hash table */
> | ^
> [..]/expat/lib/xmlparse.c:3814:30: error: narrowing conversion from 'unsigned int' to signed type 'int' is implementation-defined [bugprone-narrowing-conversions,-warnings-as-errors]
> 3814 | j < step ? (j += nsAttsSize - step) : (j -= step);
> | ^
> [..]/expat/lib/xmlparse.c:6309:13: error: narrowing conversion from 'int' to signed type 'char' is implementation-defined [bugprone-narrowing-conversions,-warnings-as-errors]
> 6309 | parser->m_prologState.documentEntity &&
> | ^
> [..]/expat/lib/xmlparse.c:6314:27: error: narrowing conversion from 'int' to signed type 'char' is implementation-defined [bugprone-narrowing-conversions,-warnings-as-errors]
> 6314 | checkEntityDecl = ! dtd->hasParamEntityRefs || dtd->standalone;
> | ^
> [..]/expat/lib/xmlparse.c:7897:10: error: narrowing conversion from 'unsigned int' to signed type 'int' is implementation-defined [bugprone-narrowing-conversions,-warnings-as-errors]
> 7897 | next = dtd->scaffCount++;
> | ^
> [..]/expat/lib/xmlparse.c:8096:16: error: narrowing conversion from 'XmlBigCount' (aka 'unsigned long long') to 'float' [bugprone-narrowing-conversions,-warnings-as-errors]
> 8096 | ? (countBytesOutput
> | ^
> [..]/expat/lib/xmlparse.c:8098:16: error: narrowing conversion from 'XmlBigCount' (aka 'unsigned long long') to 'float' [bugprone-narrowing-conversions,-warnings-as-errors]
> 8098 | : ((lenOfShortestInclude
> | ^
The symptom was:
> [..]/expat/xmlwf/xmlfile.c:204:13: error: narrowing conversion from 'ssize_t' (aka 'long') to signed type 'int' is implementation-defined [bugprone-narrowing-conversions,-warnings-as-errors]
> 204 | nread = read(fd, buf, g_read_size_bytes);
> | ^
> [..]/expat/xmlwf/xmlwf.c:314:14: error: narrowing conversion from 'unsigned long' to signed type 'int' is implementation-defined [bugprone-narrowing-conversions,-warnings-as-errors]
> 314 | numBytes = count * sizeof(XML_Char);
> | ^
The solution to read(3) was copied from file xmlwf/readfilemap.c for now.
The symptom was:
> [..]/expat/fuzz/xml_parse_fuzzer.c:68:40: error: narrowing conversion from 'size_t' (aka 'unsigned long') to signed type 'int' is implementation-defined [bugprone-narrowing-conversions,-warnings-as-errors]
> 68 | XML_Parse(p, (const XML_Char *)data, size, 0);
> | ^
> [..]/expat/fuzz/xml_parse_fuzzer.c:69:44: error: narrowing conversion from 'size_t' (aka 'unsigned long') to signed type 'int' is implementation-defined [bugprone-narrowing-conversions,-warnings-as-errors]
> 69 | if (XML_Parse(p, (const XML_Char *)data, size, 1) == XML_STATUS_ERROR) {
> | ^
> [..]/expat/fuzz/xml_parsebuffer_fuzzer.c:69:32: error: narrowing conversion from 'size_t' (aka 'unsigned long') to signed type 'int' is implementation-defined [bugprone-narrowing-conversions,-warnings-as-errors]
> 69 | void *buf = XML_GetBuffer(p, size);
> | ^
> [..]/expat/fuzz/xml_parsebuffer_fuzzer.c:72:22: error: narrowing conversion from 'size_t' (aka 'unsigned long') to signed type 'int' is implementation-defined [bugprone-narrowing-conversions,-warnings-as-errors]
> 72 | XML_ParseBuffer(p, size, 0);
> | ^
> [..]/expat/fuzz/xml_parsebuffer_fuzzer.c:73:26: error: narrowing conversion from 'size_t' (aka 'unsigned long') to signed type 'int' is implementation-defined [bugprone-narrowing-conversions,-warnings-as-errors]
> 73 | buf = XML_GetBuffer(p, size);
> | ^
> [..]/expat/fuzz/xml_parsebuffer_fuzzer.c:78:26: error: narrowing conversion from 'size_t' (aka 'unsigned long') to signed type 'int' is implementation-defined [bugprone-narrowing-conversions,-warnings-as-errors]
> 78 | if (XML_ParseBuffer(p, size, 1) == XML_STATUS_ERROR) {
> | ^
The symptom was:
> [..]/expat/tests/alloc_tests.c:326:26: error: narrowing conversion from 'unsigned int' to signed type 'int' is implementation-defined [bugprone-narrowing-conversions,-warnings-as-errors]
> 326 | g_allocation_count = i;
> | ^
> [..]/expat/tests/alloc_tests.c:437:26: error: narrowing conversion from 'unsigned int' to signed type 'int' is implementation-defined [bugprone-narrowing-conversions,-warnings-as-errors]
> 437 | g_allocation_count = i;
> | ^
> [..]/expat/tests/basic_tests.c:415:47: error: narrowing conversion from 'unsigned int' to signed type 'int' is implementation-defined [bugprone-narrowing-conversions,-warnings-as-errors]
> 415 | if (_XML_Parse_SINGLE_BYTES(g_parser, text, first_chunk_bytes, XML_FALSE)
> | ^
> [..]/expat/tests/basic_tests.c:421:34: error: narrowing conversion from 'unsigned long' to signed type 'int' is implementation-defined [bugprone-narrowing-conversions,-warnings-as-errors]
> 421 | sizeof(text) - first_chunk_bytes - 1,
> | ^
> [..]/expat/tests/handlers.c:92:37: error: narrowing conversion from 'XML_Size' (aka 'unsigned long') to signed type 'int' is implementation-defined [bugprone-narrowing-conversions,-warnings-as-errors]
> 92 | StructData_AddItem(storage, name, XML_GetCurrentColumnNumber(g_parser),
> | ^
> [..]/expat/tests/handlers.c:93:22: error: narrowing conversion from 'XML_Size' (aka 'unsigned long') to signed type 'int' is implementation-defined [bugprone-narrowing-conversions,-warnings-as-errors]
> 93 | XML_GetCurrentLineNumber(g_parser), STRUCT_START_TAG);
> | ^
> [..]/expat/tests/handlers.c:99:37: error: narrowing conversion from 'XML_Size' (aka 'unsigned long') to signed type 'int' is implementation-defined [bugprone-narrowing-conversions,-warnings-as-errors]
> 99 | StructData_AddItem(storage, name, XML_GetCurrentColumnNumber(g_parser),
> | ^
> [..]/expat/tests/handlers.c💯22: error: narrowing conversion from 'XML_Size' (aka 'unsigned long') to signed type 'int' is implementation-defined [bugprone-narrowing-conversions,-warnings-as-errors]
> 100 | XML_GetCurrentLineNumber(g_parser), STRUCT_END_TAG);
> | ^
> [..]/expat/tests/handlers.c:1279:26: error: narrowing conversion from 'unsigned int' to signed type 'int' is implementation-defined [bugprone-narrowing-conversions,-warnings-as-errors]
> 1279 | g_allocation_count = i;
> | ^
> [..]/expat/tests/misc_tests.c:73:26: error: narrowing conversion from 'unsigned int' to signed type 'int' is implementation-defined [bugprone-narrowing-conversions,-warnings-as-errors]
> 73 | g_allocation_count = i;
> | ^
> [..]/expat/tests/misc_tests.c:93:26: error: narrowing conversion from 'unsigned int' to signed type 'int' is implementation-defined [bugprone-narrowing-conversions,-warnings-as-errors]
> 93 | g_allocation_count = i;
> | ^
> [..]/expat/tests/nsalloc_tests.c:86:26: error: narrowing conversion from 'unsigned int' to signed type 'int' is implementation-defined [bugprone-narrowing-conversions,-warnings-as-errors]
> 86 | g_allocation_count = i;
> | ^
> [..]/expat/tests/nsalloc_tests.c:526:28: error: narrowing conversion from 'unsigned int' to signed type 'int' is implementation-defined [bugprone-narrowing-conversions,-warnings-as-errors]
> 526 | g_reallocation_count = i;
> | ^
The symptom was:
> [..]/expat/tests/handlers.c:135:19: error: function 'strcmp' is called without explicitly comparing result [bugprone-suspicious-string-compare,-warnings-as-errors]
> 135 | if (id != -1 && xcstrcmp(atts[id], info->id_name)) {
> | ^
> | != 0
POSIX strndup() does not read memory beyond NUL byte of the source
string. Preserve this behavior in libexpat implementation to prevent
access violations and keep portability.
m_eventPtr is a key provider to these functions:
- XML_GetCurrentByteCount
- XML_GetCurrentByteIndex
- XML_GetCurrentColumnNumber
- XML_GetCurrentLineNumber
- XML_GetInputContext
The fix for recursive entity processing introduced a reenter flag that
returns the execution from the current function and switches to entity
processing.
The same fix also updates the m_eventPtr during this switch. However
this update changes the behaviour in certain cases as the older version
does not update the m_eventPtr while recursing into entity processing.
This commit removes the pointer update and restores the old behaviour.
