Commit 4f9fdc70 authored by Daniel Veillard's avatar Daniel Veillard

Fix entities local buffers size problems

parent 459eeb9d
...@@ -528,13 +528,13 @@ xmlGetDocEntity(xmlDocPtr doc, const xmlChar *name) { ...@@ -528,13 +528,13 @@ xmlGetDocEntity(xmlDocPtr doc, const xmlChar *name) {
* Macro used to grow the current buffer. * Macro used to grow the current buffer.
*/ */
#define growBufferReentrant() { \ #define growBufferReentrant() { \
buffer_size *= 2; \ xmlChar *tmp; \
buffer = (xmlChar *) \ size_t new_size = buffer_size *= 2; \
xmlRealloc(buffer, buffer_size * sizeof(xmlChar)); \ if (new_size < buffer_size) goto mem_error; \
if (buffer == NULL) { \ tmp = (xmlChar *) xmlRealloc(buffer, new_size); \
xmlEntitiesErrMemory("xmlEncodeEntitiesReentrant: realloc failed");\ if (tmp == NULL) goto mem_error; \
return(NULL); \ buffer = tmp; \
} \ buffer_size = new_size; \
} }
...@@ -555,7 +555,7 @@ xmlEncodeEntitiesReentrant(xmlDocPtr doc, const xmlChar *input) { ...@@ -555,7 +555,7 @@ xmlEncodeEntitiesReentrant(xmlDocPtr doc, const xmlChar *input) {
const xmlChar *cur = input; const xmlChar *cur = input;
xmlChar *buffer = NULL; xmlChar *buffer = NULL;
xmlChar *out = NULL; xmlChar *out = NULL;
int buffer_size = 0; size_t buffer_size = 0;
int html = 0; int html = 0;
if (input == NULL) return(NULL); if (input == NULL) return(NULL);
...@@ -574,8 +574,8 @@ xmlEncodeEntitiesReentrant(xmlDocPtr doc, const xmlChar *input) { ...@@ -574,8 +574,8 @@ xmlEncodeEntitiesReentrant(xmlDocPtr doc, const xmlChar *input) {
out = buffer; out = buffer;
while (*cur != '\0') { while (*cur != '\0') {
if (out - buffer > buffer_size - 100) { size_t indx = out - buffer;
int indx = out - buffer; if (indx + 100 > buffer_size) {
growBufferReentrant(); growBufferReentrant();
out = &buffer[indx]; out = &buffer[indx];
...@@ -692,6 +692,11 @@ xmlEncodeEntitiesReentrant(xmlDocPtr doc, const xmlChar *input) { ...@@ -692,6 +692,11 @@ xmlEncodeEntitiesReentrant(xmlDocPtr doc, const xmlChar *input) {
} }
*out = 0; *out = 0;
return(buffer); return(buffer);
mem_error:
xmlEntitiesErrMemory("xmlEncodeEntitiesReentrant: realloc failed");
xmlFree(buffer);
return(NULL);
} }
/** /**
...@@ -709,7 +714,7 @@ xmlEncodeSpecialChars(xmlDocPtr doc ATTRIBUTE_UNUSED, const xmlChar *input) { ...@@ -709,7 +714,7 @@ xmlEncodeSpecialChars(xmlDocPtr doc ATTRIBUTE_UNUSED, const xmlChar *input) {
const xmlChar *cur = input; const xmlChar *cur = input;
xmlChar *buffer = NULL; xmlChar *buffer = NULL;
xmlChar *out = NULL; xmlChar *out = NULL;
int buffer_size = 0; size_t buffer_size = 0;
if (input == NULL) return(NULL); if (input == NULL) return(NULL);
/* /*
...@@ -724,8 +729,8 @@ xmlEncodeSpecialChars(xmlDocPtr doc ATTRIBUTE_UNUSED, const xmlChar *input) { ...@@ -724,8 +729,8 @@ xmlEncodeSpecialChars(xmlDocPtr doc ATTRIBUTE_UNUSED, const xmlChar *input) {
out = buffer; out = buffer;
while (*cur != '\0') { while (*cur != '\0') {
if (out - buffer > buffer_size - 10) { size_t indx = out - buffer;
int indx = out - buffer; if (indx + 10 > buffer_size) {
growBufferReentrant(); growBufferReentrant();
out = &buffer[indx]; out = &buffer[indx];
...@@ -774,6 +779,11 @@ xmlEncodeSpecialChars(xmlDocPtr doc ATTRIBUTE_UNUSED, const xmlChar *input) { ...@@ -774,6 +779,11 @@ xmlEncodeSpecialChars(xmlDocPtr doc ATTRIBUTE_UNUSED, const xmlChar *input) {
} }
*out = 0; *out = 0;
return(buffer); return(buffer);
mem_error:
xmlEntitiesErrMemory("xmlEncodeSpecialChars: realloc failed");
xmlFree(buffer);
return(NULL);
} }
/** /**
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment