Do not compare an out-of-bounds pointer. See https://lwn.net/Articles/278137/

Pascal Cuoq 2016-05-15 20:05:50 +02:00 committed by Vadim Zeitlin
parent 6a3374989c
commit 06ea3e152c


@ -359,7 +359,7 @@ utf8_toUtf16(const ENCODING *enc,
while (from < fromLim && to < toLim) {
switch (((struct normal_encoding *)enc)->type[(unsigned char)*from]) {
case BT_LEAD2:
if (from + 2 > fromLim) {
if (fromLim - from < 2) {
res = XML_CONVERT_INPUT_INCOMPLETE;
break;
}
@ -367,7 +367,7 @@ utf8_toUtf16(const ENCODING *enc,
from += 2;
break;
case BT_LEAD3:
if (from + 3 > fromLim) {
if (fromLim - from < 3) {
res = XML_CONVERT_INPUT_INCOMPLETE;
break;
}
@ -378,11 +378,11 @@ utf8_toUtf16(const ENCODING *enc,
case BT_LEAD4:
{
unsigned long n;
if (to + 2 > toLim) {
if (toLim - to < 2) {
res = XML_CONVERT_OUTPUT_EXHAUSTED;
goto after;
}
if (from + 4 > fromLim) {
if (fromLim - from < 4) {
res = XML_CONVERT_INPUT_INCOMPLETE;
goto after;
}
@ -620,7 +620,7 @@ E ## toUtf8(const ENCODING *enc, \
*fromP = from; \
return XML_CONVERT_OUTPUT_EXHAUSTED; \
} \
if (from + 4 > fromLim) { \
if (fromLim - from < 4) { \
*fromP = from; \
return XML_CONVERT_INPUT_INCOMPLETE; \
} \
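Review bot: The new `fromLim - from < 2` check under BT_LEAD2 (and the matching checks under BT_LEAD3, BT_LEAD4 and in the `E ## toUtf8` macro) has no comment explaining why the subtraction form is required, so a later cleanup could quietly turn it back into `from + 2 > fromLim`. Forming `from + n` beyond one past the end of the buffer is undefined behaviour, and a compiler may then drop the bounds check that presumably guards the multi-byte reads after it. I would add once, at the first occurrence, `/* Compare the remaining length: from + 2 may point past fromLim, which is undefined. */`. The subtraction is only well defined while both pointers refer to the same buffer; the `from < fromLim` loop condition shown for utf8_toUtf16 suggests this, but the macro hunk does not show it, and both bodies continue outside the visible lines.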