• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1From 85057e513111f69f5a8af94f3a82899d23d4c057 Mon Sep 17 00:00:00 2001
2From: Nick Wellnhofer <wellnhofer@aevum.de>
3Date: Tue, 21 Feb 2023 15:24:19 +0100
4Subject: [PATCH] regexp: Add sanity check in xmlRegCalloc2
5
6These arguments should be non-zero, but add a sanity check to avoid
7division by zero.
8
9Fixes #450.
10
11Reference:https://github.com/GNOME/libxml2/commit/85057e513111f69f5a8af94f3a82899d23d4c057
12Conflict:NA
13---
14 xmlregexp.c | 3 ++-
15 1 file changed, 2 insertions(+), 1 deletion(-)
16
17diff --git a/xmlregexp.c b/xmlregexp.c
18index e7c48a4..cc4ae6f 100644
19--- a/xmlregexp.c
20+++ b/xmlregexp.c
21@@ -443,7 +443,8 @@ xmlRegCalloc2(size_t dim1, size_t dim2, size_t elemSize) {
22     void *ret;
23
24     /* Check for overflow */
25-    if (dim1 > SIZE_MAX / dim2 / elemSize)
26+    if ((dim2 == 0) || (elemSize == 0) ||
27+        (dim1 > SIZE_MAX / dim2 / elemSize))
28         return (NULL);
29     totalSize = dim1 * dim2 * elemSize;
30     ret = xmlMalloc(totalSize);
31--
322.27.0
33
34