Amebis/wxWidgets
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Do not compare an out-of-bounds pointer. See https://lwn.net/Articles/278137/

Browse Source
This commit is contained in:
Pascal Cuoq
2016-05-15 20:05:50 +02:00
committed by Vadim Zeitlin
parent 6a3374989c
commit 06ea3e152c
1 changed files with 5 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
src/expat/lib/xmltok.c
View File

@@ -359,7 +359,7 @@ utf8_toUtf16(const ENCODING *enc,
while (from < fromLim && to < toLim) { while (from < fromLim && to < toLim) {
switch (((struct normal_encoding *)enc)->type[(unsigned char)*from]) { switch (((struct normal_encoding *)enc)->type[(unsigned char)*from]) {
case BT_LEAD2: case BT_LEAD2:
if (from + 2 > fromLim) { if (fromLim - from < 2) {
res = XML_CONVERT_INPUT_INCOMPLETE; res = XML_CONVERT_INPUT_INCOMPLETE;
break; break;
} }
@@ -367,7 +367,7 @@ utf8_toUtf16(const ENCODING *enc,
from += 2; from += 2;
break; break;
case BT_LEAD3: case BT_LEAD3:
if (from + 3 > fromLim) { if (fromLim - from < 3) {
res = XML_CONVERT_INPUT_INCOMPLETE; res = XML_CONVERT_INPUT_INCOMPLETE;
break; break;
} }
@@ -378,11 +378,11 @@ utf8_toUtf16(const ENCODING *enc,
case BT_LEAD4: case BT_LEAD4:
{ {
unsigned long n; unsigned long n;
if (to + 2 > toLim) { if (toLim - to < 2) {
res = XML_CONVERT_OUTPUT_EXHAUSTED; res = XML_CONVERT_OUTPUT_EXHAUSTED;
goto after; goto after;
} }
if (from + 4 > fromLim) { if (fromLim - from < 4) {
res = XML_CONVERT_INPUT_INCOMPLETE; res = XML_CONVERT_INPUT_INCOMPLETE;
goto after; goto after;
} }
@@ -620,7 +620,7 @@ E ## toUtf8(const ENCODING *enc, \
*fromP = from; \ *fromP = from; \
return XML_CONVERT_OUTPUT_EXHAUSTED; \ return XML_CONVERT_OUTPUT_EXHAUSTED; \
} \ } \
if (from + 4 > fromLim) { \ if (fromLim - from < 4) { \
*fromP = from; \ *fromP = from; \
return XML_CONVERT_INPUT_INCOMPLETE; \ return XML_CONVERT_INPUT_INCOMPLETE; \
} \ } \