diff options
Diffstat (limited to 'textproc/expat/patches/patch-CVE-2016-0718-1')
-rw-r--r-- | textproc/expat/patches/patch-CVE-2016-0718-1 | 130 |
1 files changed, 0 insertions, 130 deletions
diff --git a/textproc/expat/patches/patch-CVE-2016-0718-1 b/textproc/expat/patches/patch-CVE-2016-0718-1 deleted file mode 100644 index 1e0cb06c26e..00000000000 --- a/textproc/expat/patches/patch-CVE-2016-0718-1 +++ /dev/null @@ -1,130 +0,0 @@ -$NetBSD: patch-CVE-2016-0718-1,v 1.1 2016/05/17 19:15:01 drochner Exp $ - -also fixes issues with the fix for CVE-2015-1283 (part of expat-2.1.1): - possible undefined compiler behaviour on signed integer overflows - (upstream commit f0bec73b018caa07d3e75ec8dd967f3785d71bde) - ---- lib/xmlparse.c.orig 2016-03-12 03:21:09.000000000 +0000 -+++ lib/xmlparse.c -@@ -1693,7 +1693,8 @@ XML_GetBuffer(XML_Parser parser, int len - } - - if (len > bufferLim - bufferEnd) { -- int neededSize = len + (int)(bufferEnd - bufferPtr); -+ /* Do not invoke signed arithmetic overflow: */ -+ int neededSize = (int) ((unsigned)len + (unsigned)(bufferEnd - bufferPtr)); - if (neededSize < 0) { - errorCode = XML_ERROR_NO_MEMORY; - return NULL; -@@ -1725,7 +1726,8 @@ XML_GetBuffer(XML_Parser parser, int len - if (bufferSize == 0) - bufferSize = INIT_BUFFER_SIZE; - do { -- bufferSize *= 2; -+ /* Do not invoke signed arithmetic overflow: */ -+ bufferSize = (int) (2U * (unsigned) bufferSize); - } while (bufferSize < neededSize && bufferSize > 0); - if (bufferSize <= 0) { - errorCode = XML_ERROR_NO_MEMORY; -@@ -2426,11 +2428,11 @@ doContent(XML_Parser parser, - for (;;) { - int bufSize; - int convLen; -- XmlConvert(enc, -+ const enum XML_Convert_Result convert_res = XmlConvert(enc, - &fromPtr, rawNameEnd, - (ICHAR **)&toPtr, (ICHAR *)tag->bufEnd - 1); - convLen = (int)(toPtr - (XML_Char *)tag->buf); -- if (fromPtr == rawNameEnd) { -+ if ((convert_res == XML_CONVERT_COMPLETED) || (convert_res == XML_CONVERT_INPUT_INCOMPLETE)) { - tag->name.strLen = convLen; - break; - } -@@ -2651,11 +2653,11 @@ doContent(XML_Parser parser, - if (MUST_CONVERT(enc, s)) { - for (;;) { - ICHAR *dataPtr = (ICHAR *)dataBuf; -- XmlConvert(enc, &s, next, &dataPtr, (ICHAR *)dataBufEnd); -+ const enum XML_Convert_Result convert_res = XmlConvert(enc, &s, next, &dataPtr, (ICHAR *)dataBufEnd); - *eventEndPP = s; - charDataHandler(handlerArg, dataBuf, - (int)(dataPtr - (ICHAR *)dataBuf)); -- if (s == next) -+ if ((convert_res == XML_CONVERT_COMPLETED) || (convert_res == XML_CONVERT_INPUT_INCOMPLETE)) - break; - *eventPP = s; - } -@@ -3261,11 +3263,11 @@ doCdataSection(XML_Parser parser, - if (MUST_CONVERT(enc, s)) { - for (;;) { - ICHAR *dataPtr = (ICHAR *)dataBuf; -- XmlConvert(enc, &s, next, &dataPtr, (ICHAR *)dataBufEnd); -+ const enum XML_Convert_Result convert_res = XmlConvert(enc, &s, next, &dataPtr, (ICHAR *)dataBufEnd); - *eventEndPP = next; - charDataHandler(handlerArg, dataBuf, - (int)(dataPtr - (ICHAR *)dataBuf)); -- if (s == next) -+ if ((convert_res == XML_CONVERT_COMPLETED) || (convert_res == XML_CONVERT_INPUT_INCOMPLETE)) - break; - *eventPP = s; - } -@@ -5342,6 +5344,7 @@ reportDefault(XML_Parser parser, const E - const char *s, const char *end) - { - if (MUST_CONVERT(enc, s)) { -+ enum XML_Convert_Result convert_res; - const char **eventPP; - const char **eventEndPP; - if (enc == encoding) { -@@ -5354,11 +5357,11 @@ reportDefault(XML_Parser parser, const E - } - do { - ICHAR *dataPtr = (ICHAR *)dataBuf; -- XmlConvert(enc, &s, end, &dataPtr, (ICHAR *)dataBufEnd); -+ convert_res = XmlConvert(enc, &s, end, &dataPtr, (ICHAR *)dataBufEnd); - *eventEndPP = s; - defaultHandler(handlerArg, dataBuf, (int)(dataPtr - (ICHAR *)dataBuf)); - *eventPP = s; -- } while (s != end); -+ } while ((convert_res != XML_CONVERT_COMPLETED) && (convert_res != XML_CONVERT_INPUT_INCOMPLETE)); - } - else - defaultHandler(handlerArg, (XML_Char *)s, (int)((XML_Char *)end - (XML_Char *)s)); -@@ -6163,8 +6166,8 @@ poolAppend(STRING_POOL *pool, const ENCO - if (!pool->ptr && !poolGrow(pool)) - return NULL; - for (;;) { -- XmlConvert(enc, &ptr, end, (ICHAR **)&(pool->ptr), (ICHAR *)pool->end); -- if (ptr == end) -+ const enum XML_Convert_Result convert_res = XmlConvert(enc, &ptr, end, (ICHAR **)&(pool->ptr), (ICHAR *)pool->end); -+ if ((convert_res == XML_CONVERT_COMPLETED) || (convert_res == XML_CONVERT_INPUT_INCOMPLETE)) - break; - if (!poolGrow(pool)) - return NULL; -@@ -6248,8 +6251,13 @@ poolGrow(STRING_POOL *pool) - } - } - if (pool->blocks && pool->start == pool->blocks->s) { -- int blockSize = (int)(pool->end - pool->start)*2; -- BLOCK *temp = (BLOCK *) -+ BLOCK *temp; -+ int blockSize = (int)((unsigned)(pool->end - pool->start)*2U); -+ -+ if (blockSize < 0) -+ return XML_FALSE; -+ -+ temp = (BLOCK *) - pool->mem->realloc_fcn(pool->blocks, - (offsetof(BLOCK, s) - + blockSize * sizeof(XML_Char))); -@@ -6264,6 +6272,10 @@ poolGrow(STRING_POOL *pool) - else { - BLOCK *tem; - int blockSize = (int)(pool->end - pool->start); -+ -+ if (blockSize < 0) -+ return XML_FALSE; -+ - if (blockSize < INIT_BLOCK_SIZE) - blockSize = INIT_BLOCK_SIZE; - else |