1From b75976e02999c453ae80bb1ade72f704a78b95ce Mon Sep 17 00:00:00 2001 2From: Nick Wellnhofer <wellnhofer@aevum.de> 3Date: Sun, 12 Mar 2023 19:06:19 +0100 4Subject: [PATCH] parser: Use size_t when subtracting input buffer pointers 5 6Avoid integer overflows. 7 8Reference:https://github.com/GNOME/libxml2/commit/b75976e02999c453ae80bb1ade72f704a78b95ce 9Conflict:NA 10 11--- 12 HTMLparser.c | 2 +- 13 parser.c | 5 +++-- 14 2 files changed, 4 insertions(+), 3 deletions(-) 15 16diff --git a/HTMLparser.c b/HTMLparser.c 17index 72ede56..b76218c 100644 18--- a/HTMLparser.c 19+++ b/HTMLparser.c 20@@ -3833,7 +3833,7 @@ htmlCheckEncodingDirect(htmlParserCtxtPtr ctxt, const xmlChar *encoding) { 21 (ctxt->input->buf->raw != NULL) && 22 (ctxt->input->buf->buffer != NULL)) { 23 int nbchars; 24- int processed; 25+ size_t processed; 26 27 /* 28 * convert as much as possible to the parser reading buffer. 29diff --git a/parser.c b/parser.c 30index c276a1a..75bd27f 100644 31--- a/parser.c 32+++ b/parser.c 33@@ -9267,7 +9267,7 @@ xmlParseStartTag2(xmlParserCtxtPtr ctxt, const xmlChar **pref, 34 int maxatts = ctxt->maxatts; 35 int nratts, nbatts, nbdef, inputid; 36 int i, j, nbNs, attval; 37- unsigned long cur; 38+ size_t cur; 39 int nsNr = ctxt->nsNr; 40 41 if (RAW != '<') return(NULL); 42@@ -11202,7 +11202,8 @@ xmlCheckCdataPush(const xmlChar *utf, int len, int complete) { 43 static int 44 xmlParseTryOrFinish(xmlParserCtxtPtr ctxt, int terminate) { 45 int ret = 0; 46- int avail, tlen; 47+ int tlen; 48+ size_t avail; 49 xmlChar cur, next; 50 const xmlChar *lastlt, *lastgt; 51 52-- 532.27.0 54 55