lib/libxml2
1
0
Fork 0
mirror of https://gitlab.gnome.org/GNOME/libxml2.git synced 2026-01-28 10:01:00 +03:00
Code Activity
Files
2017cae6dfd020355f1a4e8f209e99d4d19e1fab
libxml2/xmlstring.c
Nick Wellnhofer 6010a5369f Avoid potential integer overflow in xmlstring.c 
For historical reasons, the string API operates with int indices which
can overflow, especially on 64-bit systems. libxml2 always made the
tacit assumption that strings will be never larger than INT_MAX bytes.
It should be considered a bug if any part of the code can produce
larger strings, whether they are externally visible or not.

Likewise, API users are expected not to supply strings larger than
INT_MAX bytes. This requirement isn't documented. But even if it was,
we must handle larger strings passed in by accident without causing
memory errors.

- xmlStrndup, xmlCharStrndup, xmlUTF8Strndup
  Avoid integer overflow if len == INT_MAX.

- xmlStrlen, xmlUTF8Strsize, xmlUTF8Strloc
  Avoid integer overflow by using size_t for index. If an input string
  larger than INT_MAX bytes is detected, these functions now return 0
  instead of a wrong and possibly negative value.

- xmlCheckUTF8
  Avoid integer overflow by limiting index range.

- xmlStrncat, xmlStrncatNew, xmlEscapeFormatString
  Avoid integer overflow. Return NULL instead of producing strings
  larger than INT_MAX bytes.
2022-01-28 16:27:12 +01:00

26 KiB
Raw Blame History

View Raw
View Git Blame Copy Permalink