From bedc9771e782f7def4771b19ce1bf489127af43c Mon Sep 17 00:00:00 2001
From: Daniel Veillard <veillard@src.gnome.org>
Date: Wed, 28 Sep 2005 21:42:15 +0000
Subject: [PATCH] applied patch from Massimo Morara fixing bug #317447 about
 risk of invalid

* parser.c: applied patch from Massimo Morara fixing bug #317447
  about risk of invalid write in xmlStringLenDecodeEntities
Daniel
---
 ChangeLog | 5 +++++
 parser.c  | 6 ++++++
 2 files changed, 11 insertions(+)

diff --git a/ChangeLog b/ChangeLog
index 2855a11d..cfd44d71 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+Wed Sep 28 23:42:14 CEST 2005 Daniel Veillard <daniel@veillard.com>
+
+	* parser.c: applied patch from Massimo Morara fixing bug #317447
+	  about risk of invalid write in xmlStringLenDecodeEntities
+
 Tue Sep 27 11:20:57 CEST 2005 Daniel Veillard <daniel@veillard.com>
 
 	* error.c: Adrian Mouat pointed out redundancies in xmlReportError()
diff --git a/parser.c b/parser.c
index ce6e0039..aeb8ab3b 100644
--- a/parser.c
+++ b/parser.c
@@ -2177,6 +2177,9 @@ xmlStringLenDecodeEntities(xmlParserCtxtPtr ctxt, const xmlChar *str, int len,
 	    if (val != 0) {
 		COPY_BUF(0,buffer,nbchars,val);
 	    }
+	    if (nbchars > buffer_size - XML_PARSER_BUFFER_SIZE) {
+	        growBuffer(buffer);
+	    }
 	} else if ((c == '&') && (what & XML_SUBSTITUTE_REF)) {
 	    if (xmlParserDebugEntities)
 		xmlGenericError(xmlGenericErrorContext,
@@ -2187,6 +2190,9 @@ xmlStringLenDecodeEntities(xmlParserCtxtPtr ctxt, const xmlChar *str, int len,
 		(ent->etype == XML_INTERNAL_PREDEFINED_ENTITY)) {
 		if (ent->content != NULL) {
 		    COPY_BUF(0,buffer,nbchars,ent->content[0]);
+		    if (nbchars > buffer_size - XML_PARSER_BUFFER_SIZE) {
+			growBuffer(buffer);
+		    }
 		} else {
 		    xmlFatalErrMsg(ctxt, XML_ERR_INTERNAL_ERROR,
 			    "predefined entity has no content\n");