diff options
-rw-r--r-- | expat/lib/xmlparse.c | 36 | ||||
-rw-r--r-- | expat/tests/chardata.c | 14 | ||||
-rw-r--r-- | expat/xmlwf/xmlwf.c | 15 |
3 files changed, 27 insertions, 38 deletions
diff --git a/expat/lib/xmlparse.c b/expat/lib/xmlparse.c index ba506a33..39fdccae 100644 --- a/expat/lib/xmlparse.c +++ b/expat/lib/xmlparse.c @@ -97,6 +97,7 @@ #include "ascii.h" #include "expat.h" #include "siphash.h" +#include "xcsinc.c" #if defined(HAVE_GETRANDOM) || defined(HAVE_SYSCALL_GETRANDOM) # if defined(HAVE_GETRANDOM) @@ -3652,15 +3653,23 @@ storeAtts(XML_Parser parser, const ENCODING *enc, const char *attStr, return XML_ERROR_NONE; prefixLen = 0; if (parser->m_ns_triplets && binding->prefix->name) { - for (; binding->prefix->name[prefixLen++];) - ; /* prefixLen includes null terminator */ + const size_t candidateLen + = xcslen(binding->prefix->name) + /*null terminator*/ 1; + if (candidateLen > INT_MAX) + return XML_ERROR_NO_MEMORY; + prefixLen = (int)candidateLen; } tagNamePtr->localPart = localPart; tagNamePtr->uriLen = binding->uriLen; tagNamePtr->prefix = binding->prefix->name; tagNamePtr->prefixLen = prefixLen; - for (i = 0; localPart[i++];) - ; /* i includes null terminator */ + { + const size_t candidateLen = xcslen(localPart) + /*null terminator*/ 1; + /* Detect and prevent integer overflow */ + if (i > INT_MAX) + return XML_ERROR_NO_MEMORY; + i = (int)candidateLen; + } /* Detect and prevent integer overflow */ if (binding->uriLen > INT_MAX - prefixLen @@ -5406,9 +5415,7 @@ doProlog(XML_Parser parser, const ENCODING *enc, const char *s, const char *end, return XML_ERROR_NO_MEMORY; name = el->name; dtd->scaffold[myindex].name = name; - nameLen = 0; - for (; name[nameLen++];) - ; + nameLen = xcslen(name) + /*null terminator*/ 1; /* Detect and prevent integer overflow */ if (nameLen > UINT_MAX - dtd->contentStringLen) { @@ -6869,10 +6876,7 @@ keyeq(KEY s1, KEY s2) { static size_t keylen(KEY s) { - size_t len = 0; - for (; *s; s++, len++) - ; - return len; + return xcslen(s); } static void @@ -7503,12 +7507,10 @@ copyString(const XML_Char *s, const XML_Memory_Handling_Suite *memsuite) { size_t charsRequired = 0; XML_Char *result; - /* First determine how long the string is */ - while (s[charsRequired] != 0) { - charsRequired++; - } - /* Include the terminator */ - charsRequired++; + const size_t candidateLen = xcslen(s) + /*null terminator*/ 1; + if (candidateLen > INT_MAX) + return NULL; + charsRequired = (int)candidateLen; /* Now allocate space for the copy */ result = memsuite->malloc_fcn(charsRequired * sizeof(XML_Char)); diff --git a/expat/tests/chardata.c b/expat/tests/chardata.c index d1989a84..163cc68b 100644 --- a/expat/tests/chardata.c +++ b/expat/tests/chardata.c @@ -42,15 +42,7 @@ #include <string.h> #include "chardata.h" - -static int -xmlstrlen(const XML_Char *s) { - int len = 0; - assert(s != NULL); - while (s[len] != 0) - ++len; - return len; -} +#include "../lib/xcsinc.c" void CharData_Init(CharData *storage) { @@ -68,7 +60,7 @@ CharData_AppendXMLChars(CharData *storage, const XML_Char *s, int len) { if (storage->count < 0) storage->count = 0; if (len < 0) - len = xmlstrlen(s); + len = (int)xcslen(s); if ((len + storage->count) > maxchars) { len = (maxchars - storage->count); } @@ -81,7 +73,7 @@ CharData_AppendXMLChars(CharData *storage, const XML_Char *s, int len) { int CharData_CheckXMLChars(CharData *storage, const XML_Char *expected) { char buffer[1024]; - int len = xmlstrlen(expected); + int len = (int)xcslen(expected); int count; assert(storage != NULL); diff --git a/expat/xmlwf/xmlwf.c b/expat/xmlwf/xmlwf.c index b0cd212f..6c0752a4 100644 --- a/expat/xmlwf/xmlwf.c +++ b/expat/xmlwf/xmlwf.c @@ -63,6 +63,8 @@ # include <wchar.h> #endif +#include "../lib/xcsinc.c" + enum ExitCode { XMLWF_EXIT_SUCCESS = 0, XMLWF_EXIT_INTERNAL_ERROR = 1, @@ -301,16 +303,9 @@ processingInstruction(void *userData, const XML_Char *target, static XML_Char * xcsdup(const XML_Char *s) { - XML_Char *result; - int count = 0; - int numBytes; - - /* Get the length of the string, including terminator */ - while (s[count++] != 0) { - /* Do nothing */ - } - numBytes = count * sizeof(XML_Char); - result = malloc(numBytes); + const size_t numBytes + = (xcslen(s) + /* null terminator */ 1) * sizeof(XML_Char); + XML_Char *const result = malloc(numBytes); if (result == NULL) return NULL; memcpy(result, s, numBytes); |