diff options
| author | Sebastian Pipping <sebastian@pipping.org> | 2022-02-18 18:00:46 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-02-18 18:00:46 +0100 |
| commit | d477fdd284468f2ab822024e75702f2c1b254f42 (patch) | |
| tree | 2a604072281fc653be9f649c817c9623d083c1e0 | |
| parent | 89214940efd13e3b83fa078fd70eb4dbdc04c4a5 (diff) | |
| parent | efcb347440ade24b9f1054671e6bd05e60b4cafd (diff) | |
| download | libexpat-git-d477fdd284468f2ab822024e75702f2c1b254f42.tar.gz | |
Merge pull request #560 from ferivoz/copy
[CVE-2022-25314] lib: Prevent integer overflow in copyString
| -rw-r--r-- | expat/lib/xmlparse.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/expat/lib/xmlparse.c b/expat/lib/xmlparse.c index 8bd5b077..7376aab1 100644 --- a/expat/lib/xmlparse.c +++ b/expat/lib/xmlparse.c @@ -7459,7 +7459,7 @@ getElementType(XML_Parser parser, const ENCODING *enc, const char *ptr, static XML_Char * copyString(const XML_Char *s, const XML_Memory_Handling_Suite *memsuite) { - int charsRequired = 0; + size_t charsRequired = 0; XML_Char *result; /* First determine how long the string is */ |