summaryrefslogtreecommitdiff
path: root/chromium/third_party/libxml/src/parserInternals.c
diff options
context:
space:
mode:
Diffstat (limited to 'chromium/third_party/libxml/src/parserInternals.c')
-rw-r--r--chromium/third_party/libxml/src/parserInternals.c239
1 files changed, 125 insertions, 114 deletions
diff --git a/chromium/third_party/libxml/src/parserInternals.c b/chromium/third_party/libxml/src/parserInternals.c
index c26ccdaa71a..f55700e562a 100644
--- a/chromium/third_party/libxml/src/parserInternals.c
+++ b/chromium/third_party/libxml/src/parserInternals.c
@@ -299,6 +299,10 @@ xmlParserInputGrow(xmlParserInputPtr in, int len) {
if (in->cur == NULL) return(-1);
if (in->buf->buffer == NULL) return(-1);
+ /* Don't grow memory buffers. */
+ if ((in->buf->encoder == NULL) && (in->buf->readcallback == NULL))
+ return(0);
+
CHECK_BUFFER(in);
indx = in->cur - in->base;
@@ -308,12 +312,15 @@ xmlParserInputGrow(xmlParserInputPtr in, int len) {
return(0);
}
- if (in->buf->readcallback != NULL) {
- ret = xmlParserInputBufferGrow(in->buf, len);
- } else
- return(0);
+ ret = xmlParserInputBufferGrow(in->buf, len);
in->base = xmlBufContent(in->buf->buffer);
+ if (in->base == NULL) {
+ in->base = BAD_CAST "";
+ in->cur = in->base;
+ in->end = in->base;
+ return(-1);
+ }
in->cur = in->base + indx;
in->end = xmlBufEnd(in->buf->buffer);
@@ -353,7 +360,11 @@ xmlParserInputShrink(xmlParserInputPtr in) {
ret = xmlBufShrink(in->buf->buffer, used - LINE_LEN);
if (ret > 0) {
used -= ret;
- in->consumed += ret;
+ if ((ret > ULONG_MAX) ||
+ (in->consumed > ULONG_MAX - (unsigned long)ret))
+ in->consumed = ULONG_MAX;
+ else
+ in->consumed += ret;
}
}
@@ -395,7 +406,7 @@ xmlNextChar(xmlParserCtxtPtr ctxt)
return;
}
- if ((*ctxt->input->cur == 0) &&
+ if ((ctxt->input->cur >= ctxt->input->end) &&
(xmlParserInputGrow(ctxt->input, INPUT_CHUNK) <= 0)) {
return;
}
@@ -1020,128 +1031,125 @@ xmlSwitchInputEncodingInt(xmlParserCtxtPtr ctxt, xmlParserInputPtr input,
xmlCharEncodingHandlerPtr handler, int len)
{
int nbchars;
+ xmlParserInputBufferPtr in;
if (handler == NULL)
return (-1);
if (input == NULL)
return (-1);
- if (input->buf != NULL) {
- ctxt->charset = XML_CHAR_ENCODING_UTF8;
-
- if (input->buf->encoder != NULL) {
- /*
- * Check in case the auto encoding detection triggered
- * in already.
- */
- if (input->buf->encoder == handler)
- return (0);
+ in = input->buf;
+ if (in == NULL) {
+ xmlErrInternal(ctxt,
+ "static memory buffer doesn't support encoding\n", NULL);
+ /*
+ * Callers assume that the input buffer takes ownership of the
+ * encoding handler. xmlCharEncCloseFunc frees unregistered
+ * handlers and avoids a memory leak.
+ */
+ xmlCharEncCloseFunc(handler);
+ return (-1);
+ }
- /*
- * "UTF-16" can be used for both LE and BE
- if ((!xmlStrncmp(BAD_CAST input->buf->encoder->name,
- BAD_CAST "UTF-16", 6)) &&
- (!xmlStrncmp(BAD_CAST handler->name,
- BAD_CAST "UTF-16", 6))) {
- return(0);
- }
- */
+ ctxt->charset = XML_CHAR_ENCODING_UTF8;
- /*
- * Note: this is a bit dangerous, but that's what it
- * takes to use nearly compatible signature for different
- * encodings.
- *
- * FIXME: Encoders might buffer partial byte sequences, so
- * this probably can't work. We should return an error and
- * make sure that callers never try to switch the encoding
- * twice.
- */
- xmlCharEncCloseFunc(input->buf->encoder);
- input->buf->encoder = handler;
+ if (in->encoder != NULL) {
+ /*
+ * Check in case the auto encoding detection triggered
+ * in already.
+ */
+ if (in->encoder == handler)
return (0);
- }
- input->buf->encoder = handler;
/*
- * Is there already some content down the pipe to convert ?
+ * Note: this is a bit dangerous, but that's what it
+ * takes to use nearly compatible signature for different
+ * encodings.
+ *
+ * FIXME: Encoders might buffer partial byte sequences, so
+ * this probably can't work. We should return an error and
+ * make sure that callers never try to switch the encoding
+ * twice.
*/
- if (xmlBufIsEmpty(input->buf->buffer) == 0) {
- int processed;
- unsigned int use;
+ xmlCharEncCloseFunc(in->encoder);
+ in->encoder = handler;
+ return (0);
+ }
+ in->encoder = handler;
+ /*
+ * Is there already some content down the pipe to convert ?
+ */
+ if (xmlBufIsEmpty(in->buffer) == 0) {
+ size_t processed, use, consumed;
+
+ /*
+ * Specific handling of the Byte Order Mark for
+ * UTF-16
+ */
+ if ((handler->name != NULL) &&
+ (!strcmp(handler->name, "UTF-16LE") ||
+ !strcmp(handler->name, "UTF-16")) &&
+ (input->cur[0] == 0xFF) && (input->cur[1] == 0xFE)) {
+ input->cur += 2;
+ }
+ if ((handler->name != NULL) &&
+ (!strcmp(handler->name, "UTF-16BE")) &&
+ (input->cur[0] == 0xFE) && (input->cur[1] == 0xFF)) {
+ input->cur += 2;
+ }
+ /*
+ * Errata on XML-1.0 June 20 2001
+ * Specific handling of the Byte Order Mark for
+ * UTF-8
+ */
+ if ((handler->name != NULL) &&
+ (!strcmp(handler->name, "UTF-8")) &&
+ (input->cur[0] == 0xEF) &&
+ (input->cur[1] == 0xBB) && (input->cur[2] == 0xBF)) {
+ input->cur += 3;
+ }
+
+ /*
+ * Shrink the current input buffer.
+ * Move it as the raw buffer and create a new input buffer
+ */
+ processed = input->cur - input->base;
+ xmlBufShrink(in->buffer, processed);
+ input->consumed += processed;
+ in->raw = in->buffer;
+ in->buffer = xmlBufCreate();
+ in->rawconsumed = processed;
+ use = xmlBufUse(in->raw);
+
+ if (ctxt->html) {
/*
- * Specific handling of the Byte Order Mark for
- * UTF-16
- */
- if ((handler->name != NULL) &&
- (!strcmp(handler->name, "UTF-16LE") ||
- !strcmp(handler->name, "UTF-16")) &&
- (input->cur[0] == 0xFF) && (input->cur[1] == 0xFE)) {
- input->cur += 2;
- }
- if ((handler->name != NULL) &&
- (!strcmp(handler->name, "UTF-16BE")) &&
- (input->cur[0] == 0xFE) && (input->cur[1] == 0xFF)) {
- input->cur += 2;
- }
- /*
- * Errata on XML-1.0 June 20 2001
- * Specific handling of the Byte Order Mark for
- * UTF-8
+ * convert as much as possible of the buffer
*/
- if ((handler->name != NULL) &&
- (!strcmp(handler->name, "UTF-8")) &&
- (input->cur[0] == 0xEF) &&
- (input->cur[1] == 0xBB) && (input->cur[2] == 0xBF)) {
- input->cur += 3;
- }
-
+ nbchars = xmlCharEncInput(in, 1);
+ } else {
/*
- * Shrink the current input buffer.
- * Move it as the raw buffer and create a new input buffer
+ * convert just enough to get
+ * '<?xml version="1.0" encoding="xxx"?>'
+ * parsed with the autodetected encoding
+ * into the parser reading buffer.
*/
- processed = input->cur - input->base;
- xmlBufShrink(input->buf->buffer, processed);
- input->buf->raw = input->buf->buffer;
- input->buf->buffer = xmlBufCreate();
- input->buf->rawconsumed = processed;
- use = xmlBufUse(input->buf->raw);
-
- if (ctxt->html) {
- /*
- * convert as much as possible of the buffer
- */
- nbchars = xmlCharEncInput(input->buf, 1);
- } else {
- /*
- * convert just enough to get
- * '<?xml version="1.0" encoding="xxx"?>'
- * parsed with the autodetected encoding
- * into the parser reading buffer.
- */
- nbchars = xmlCharEncFirstLineInput(input->buf, len);
- }
- xmlBufResetInput(input->buf->buffer, input);
- if (nbchars < 0) {
- xmlErrInternal(ctxt,
- "switching encoding: encoder error\n",
- NULL);
- return (-1);
- }
- input->buf->rawconsumed += use - xmlBufUse(input->buf->raw);
+ nbchars = xmlCharEncFirstLineInput(in, len);
}
- return (0);
- } else {
- xmlErrInternal(ctxt,
- "static memory buffer doesn't support encoding\n", NULL);
- /*
- * Callers assume that the input buffer takes ownership of the
- * encoding handler. xmlCharEncCloseFunc frees unregistered
- * handlers and avoids a memory leak.
- */
- xmlCharEncCloseFunc(handler);
- return (-1);
+ xmlBufResetInput(in->buffer, input);
+ if (nbchars < 0) {
+ xmlErrInternal(ctxt,
+ "switching encoding: encoder error\n",
+ NULL);
+ return (-1);
+ }
+ consumed = use - xmlBufUse(in->raw);
+ if ((consumed > ULONG_MAX) ||
+ (in->rawconsumed > ULONG_MAX - (unsigned long)consumed))
+ in->rawconsumed = ULONG_MAX;
+ else
+ in->rawconsumed += consumed;
}
+ return (0);
}
/**
@@ -1236,7 +1244,7 @@ xmlNewInputStream(xmlParserCtxtPtr ctxt) {
* the id is actually needed.
*/
if (ctxt != NULL) {
- if (ctxt->input_id >= INT_MAX) {
+ if (input->id >= INT_MAX) {
xmlErrMemory(ctxt, "Input ID overflow\n");
return(NULL);
}
@@ -1309,8 +1317,11 @@ xmlNewEntityInputStream(xmlParserCtxtPtr ctxt, xmlEntityPtr entity) {
break;
case XML_EXTERNAL_GENERAL_PARSED_ENTITY:
case XML_EXTERNAL_PARAMETER_ENTITY:
- return(xmlLoadExternalEntity((char *) entity->URI,
- (char *) entity->ExternalID, ctxt));
+ input = xmlLoadExternalEntity((char *) entity->URI,
+ (char *) entity->ExternalID, ctxt);
+ if (input != NULL)
+ input->entity = entity;
+ return(input);
case XML_INTERNAL_GENERAL_ENTITY:
xmlErrInternal(ctxt,
"Internal entity %s without content !\n",
@@ -1341,6 +1352,7 @@ xmlNewEntityInputStream(xmlParserCtxtPtr ctxt, xmlEntityPtr entity) {
input->cur = entity->content;
input->length = entity->length;
input->end = &entity->content[input->length];
+ input->entity = entity;
return(input);
}
@@ -1639,7 +1651,6 @@ xmlInitSAXParserCtxt(xmlParserCtxtPtr ctxt, const xmlSAXHandler *sax,
ctxt->depth = 0;
ctxt->charset = XML_CHAR_ENCODING_UTF8;
ctxt->catalogs = NULL;
- ctxt->nbentities = 0;
ctxt->sizeentities = 0;
ctxt->sizeentcopy = 0;
ctxt->input_id = 1;
View Lorry Controller Status