On Tue, Jul 21, 2015 at 11:19 AM, Peter Kasting <pkast...@google.com> wrote:
> The attached patch is one conservative way to fix this, which should be
> correct in all cases on all platforms.
>
For some reason on the archives the patch downloads as a .bin file instead
of a text file. While you can simply rename the patch or apply it anyway
(the contents were OK), here's a re-attached version with a ".txt" file
ending in hopes the name won't get mangled.
PK
diff --git a/dict.c b/dict.c
index 5f71d55..a9ff53e 100644
--- a/dict.c
+++ b/dict.c
@@ -249,7 +249,7 @@ xmlDictAddString(xmlDictPtr dict, const xmlChar *name,
unsigned int namelen) {
#endif
pool = dict->strings;
while (pool != NULL) {
- if (pool->end - pool->free > namelen)
+ if (pool->end > pool->free && (size_t)(pool->end - pool->free) >
namelen)
goto found_pool;
if (pool->size > size) size = pool->size;
limit += pool->size;
@@ -317,7 +317,8 @@ xmlDictAddQString(xmlDictPtr dict, const xmlChar *prefix,
unsigned int plen,
#endif
pool = dict->strings;
while (pool != NULL) {
- if (pool->end - pool->free > namelen + plen + 1)
+ if (pool->end > pool->free &&
+ (size_t)(pool->end - pool->free) > namelen + plen + 1)
goto found_pool;
if (pool->size > size) size = pool->size;
limit += pool->size;
_______________________________________________
xml mailing list, project page http://xmlsoft.org/
xml@gnome.org
https://mail.gnome.org/mailman/listinfo/xml
