diff options
| author | Paul Duffin <paulduffin@google.com> | 2016-05-24 12:29:43 +0000 |
|---|---|---|
| committer | android-build-merger <android-build-merger@google.com> | 2016-05-24 12:29:43 +0000 |
| commit | a926c8a162ef69ae5fbbfee76fddd5b2ff2b09bf (patch) | |
| tree | 6d03e75a1093fbcfa043a2823c7b51ee70ec00b6 /lib | |
| parent | e5aa0a2cb0a5f759ef31c0819dc67d9b14246a4a (diff) | |
| parent | 161a47bda3f45c4df0a1c09fc0220107a4752cbd (diff) | |
| download | expat-a926c8a162ef69ae5fbbfee76fddd5b2ff2b09bf.tar.gz | |
Upgrade to expat 2.1.1 am: c05e032be5 am: 095459e694 am: f660c7f877 am: 3b539e5853 am: 851ab139ae am: 2fdae36fc6 am: cdf19cb4b7
am: 161a47bda3
* commit '161a47bda3f45c4df0a1c09fc0220107a4752cbd':
Upgrade to expat 2.1.1
Change-Id: Id8a4baa18df568a801ed7fe79ea2afa779b4dcd8
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/expat.h | 2 | ||||
| -rw-r--r-- | lib/xmlparse.c | 21 |
2 files changed, 19 insertions, 4 deletions
diff --git a/lib/expat.h b/lib/expat.h index 9a21680b..ec62f140 100644 --- a/lib/expat.h +++ b/lib/expat.h @@ -1038,7 +1038,7 @@ XML_GetFeatureList(void); */ #define XML_MAJOR_VERSION 2 #define XML_MINOR_VERSION 1 -#define XML_MICRO_VERSION 0 +#define XML_MICRO_VERSION 1 #ifdef __cplusplus } diff --git a/lib/xmlparse.c b/lib/xmlparse.c index f35aa36b..e308c795 100644 --- a/lib/xmlparse.c +++ b/lib/xmlparse.c @@ -1550,7 +1550,7 @@ XML_Parse(XML_Parser parser, const char *s, int len, int isFinal) else if (bufferPtr == bufferEnd) { const char *end; int nLeftOver; - enum XML_Error result; + enum XML_Status result; parseEndByteIndex += len; positionPtr = s; ps_finalBuffer = (XML_Bool)isFinal; @@ -1678,6 +1678,10 @@ XML_ParseBuffer(XML_Parser parser, int len, int isFinal) void * XMLCALL XML_GetBuffer(XML_Parser parser, int len) { + if (len < 0) { + errorCode = XML_ERROR_NO_MEMORY; + return NULL; + } switch (ps_parsing) { case XML_SUSPENDED: errorCode = XML_ERROR_SUSPENDED; @@ -1689,8 +1693,11 @@ XML_GetBuffer(XML_Parser parser, int len) } if (len > bufferLim - bufferEnd) { - /* FIXME avoid integer overflow */ int neededSize = len + (int)(bufferEnd - bufferPtr); + if (neededSize < 0) { + errorCode = XML_ERROR_NO_MEMORY; + return NULL; + } #ifdef XML_CONTEXT_BYTES int keep = (int)(bufferPtr - buffer); @@ -1719,7 +1726,11 @@ XML_GetBuffer(XML_Parser parser, int len) bufferSize = INIT_BUFFER_SIZE; do { bufferSize *= 2; - } while (bufferSize < neededSize); + } while (bufferSize < neededSize && bufferSize > 0); + if (bufferSize <= 0) { + errorCode = XML_ERROR_NO_MEMORY; + return NULL; + } newBuf = (char *)MALLOC(bufferSize); if (newBuf == 0) { errorCode = XML_ERROR_NO_MEMORY; @@ -2911,6 +2922,8 @@ storeAtts(XML_Parser parser, const ENCODING *enc, unsigned long uriHash = hash_secret_salt; ((XML_Char *)s)[-1] = 0; /* clear flag */ id = (ATTRIBUTE_ID *)lookup(parser, &dtd->attributeIds, s, 0); + if (!id || !id->prefix) + return XML_ERROR_NO_MEMORY; b = id->prefix->binding; if (!b) return XML_ERROR_UNBOUND_PREFIX; @@ -5475,6 +5488,8 @@ getAttributeId(XML_Parser parser, const ENCODING *enc, return NULL; id->prefix = (PREFIX *)lookup(parser, &dtd->prefixes, poolStart(&dtd->pool), sizeof(PREFIX)); + if (!id->prefix) + return NULL; if (id->prefix->name == poolStart(&dtd->pool)) poolFinish(&dtd->pool); else |