1--- 2 xmlreader.c | 36 +++++++++++++++++------------------- 3 1 file changed, 17 insertions(+), 19 deletions(-) 4 5diff --git a/xmlreader.c b/xmlreader.c 6index ac97bde..193a5d4 100644 7--- a/xmlreader.c 8+++ b/xmlreader.c 9@@ -676,30 +676,23 @@ xmlTextReaderDebug(xmlTextReaderPtr reader) { 10 * 11 * Pushes a new entity reference node on top of the entities stack 12 * 13- * Returns 0 in case of error, the index in the stack otherwise 14+ * Returns -1 in case of error, the index in the stack otherwise 15 */ 16 static int 17 xmlTextReaderEntPush(xmlTextReaderPtr reader, xmlNodePtr value) 18 { 19- if (reader->entMax <= 0) { 20- reader->entMax = 10; 21- reader->entTab = (xmlNodePtr *) xmlMalloc(reader->entMax * 22- sizeof(reader->entTab[0])); 23- if (reader->entTab == NULL) { 24- xmlGenericError(xmlGenericErrorContext, "xmlMalloc failed !\n"); 25- return (0); 26- } 27- } 28 if (reader->entNr >= reader->entMax) { 29- reader->entMax *= 2; 30- reader->entTab = 31- (xmlNodePtr *) xmlRealloc(reader->entTab, 32- reader->entMax * 33- sizeof(reader->entTab[0])); 34- if (reader->entTab == NULL) { 35+ size_t newSize = reader->entMax == 0 ? 10 : reader->entMax * 2; 36+ xmlNodePtr *tmp; 37+ 38+ tmp = (xmlNodePtr *) xmlRealloc(reader->entTab, 39+ newSize * sizeof(*tmp)); 40+ if (tmp == NULL) { 41 xmlGenericError(xmlGenericErrorContext, "xmlRealloc failed !\n"); 42- return (0); 43+ return (-1); 44 } 45+ reader->entTab = tmp; 46+ reader->entMax = newSize; 47 } 48 reader->entTab[reader->entNr] = value; 49 reader->ent = value; 50@@ -1174,7 +1167,11 @@ xmlTextReaderValidateEntity(xmlTextReaderPtr reader) { 51 if ((node->children != NULL) && 52 (node->children->type == XML_ENTITY_DECL) && 53 (node->children->children != NULL)) { 54- xmlTextReaderEntPush(reader, node); 55+ if (xmlTextReaderEntPush(reader, node) < 0) { 56+ if (node == oldnode) 57+ break; 58+ goto skip_children; 59+ } 60 node = node->children->children; 61 continue; 62 } else { 63@@ -1621,7 +1618,8 @@ node_found: 64 if ((reader->node->children != NULL) && 65 (reader->node->children->type == XML_ENTITY_DECL) && 66 (reader->node->children->children != NULL)) { 67- xmlTextReaderEntPush(reader, reader->node); 68+ if (xmlTextReaderEntPush(reader, reader->node) < 0) 69+ goto get_next_node; 70 reader->node = reader->node->children->children; 71 } 72 #ifdef LIBXML_REGEXP_ENABLED 73-- 742.27.0 75 76ush(reader, reader->node); 77+ if (xmlTextReaderEntPush(reader, reader->node) < 0) 78+ goto get_next_node; 79 reader->node = reader->node->children->children; 80 } 81 #ifdef LIBXML_REGEXP_ENABLED 82-- 832.27.0 84 85