lib/libxml2
1
0
Fork 0
mirror of https://gitlab.gnome.org/GNOME/libxml2.git synced 2025-10-24 13:33:01 +03:00
Code Activity

parser: Check for integer overflow when updating checkIndex

Browse Source 
Unfortunately, checkIndex is a long, not a size_t. Check for integer
overflow before updating the value.
This commit is contained in:
Nick Wellnhofer
2023-03-12 19:03:11 +01:00
parent bd63d730b8
commit 9a6ca81612
2 changed files with 43 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
HTMLparser.c
View File

@@ -5398,7 +5398,7 @@ static int
htmlParseLookupSequence(htmlParserCtxtPtr ctxt, xmlChar first,
xmlChar next, xmlChar third, int ignoreattrval)
{
int base, len;
size_t base, len;
htmlParserInputPtr in;
const xmlChar *buf;
int quote;
@@ -5419,6 +5419,11 @@ htmlParseLookupSequence(htmlParserCtxtPtr ctxt, xmlChar first,
else if (next)
len--;
for (; base < len; base++) {
if (base >= INT_MAX / 2) {
ctxt->checkIndex = 0;
ctxt->endCheckState = 0;
return (base - 2);
}
if (ignoreattrval) {
if (quote) {
if (buf[base] == quote)