author: Alex Richardson <Alexander.Richardson@cl.cam.ac.uk> 2022-12-01 12:53:15 +0000
committer: Nick Wellnhofer <wellnhofer@aevum.de> 2022-12-01 15:30:12 +0000
commit: c715ded0861af956ba584f566bc7db6717f519d0
tree: 34a0e7dcf03b0f9710d303cd8b0630750d631b21 /HTMLparser.c
parent: c62c0d82ccacc2000c45f211166f008687fb97a0
Avoid creating an out-of-bounds pointer by rewriting a check
Creating more than one-past-the-end pointers is undefined behaviour in C and while this code is unlikely to be miscompiled, I discovered that an out-of-bounds pointer is being created using UBSan on a CHERI-enabled system.
Diffstat (limited to 'HTMLparser.c')
-rw-r--r-- HTMLparser.c 2
1 files changed, 1 insertions, 1 deletions
diff --git a/HTMLparser.c b/HTMLparser.c
index 2ab99de1..35859e32 100644
--- a/HTMLparser.c
+++ b/HTMLparser.c
@@ -2314,7 +2314,7 @@ htmlEncodeEntities(unsigned char* out, int *outlen,
else
cp = ent->name;
len = strlen(cp);
- if (out + 2 + len > outend)
+ if (outend - out < len + 2)
break;
*out++ = '&';
memcpy(out, cp, len);
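Review bot: In the rewritten check `if (outend - out < len + 2)`, the left side is a signed pointer difference, while the type of `len + 2` depends on the declaration of `len`, which is outside this hunk. If `len` is an unsigned type such as size_t, common platforms perform the comparison unsigned, so it is only correct while `out` never passes `outend`. Consider casting so that both sides share one signed type, or add a short comment stating the `out <= outend` invariant and what the two extra bytes are reserved for; the `*out++ = '&';` on the following line accounts for one of them, and the other is not visible here.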