From 6a3374989c40b060b19d1c1ac1b1a63c0c0819ed Mon Sep 17 00:00:00 2001
From: Pascal Cuoq
Date: Sun, 15 May 2016 19:11:55 +0200
Subject: [PATCH] Avoid undefined behavior when computing larger blockSize.

The compiler might reason that (end - start)*2 is negative only if (end - start) is negative, see https://godbolt.org/g/wVEoTM
---
 src/expat/lib/xmlparse.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/expat/lib/xmlparse.c b/src/expat/lib/xmlparse.c
index 09c9875844..373aa4b38b 100644
--- a/src/expat/lib/xmlparse.c
+++ b/src/expat/lib/xmlparse.c
@@ -6264,7 +6264,7 @@ poolGrow(STRING_POOL *pool)
 }
 if (pool->blocks && pool->start == pool->blocks->s) {
 BLOCK *temp;
- int blockSize = (int)(pool->end - pool->start)*2;
+ int blockSize = (int)((unsigned)(pool->end - pool->start)*2U);
 if (blockSize < 0)
 return XML_FALSE;
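Review bot: The `blockSize < 0` check after the new line still depends on an implementation-defined conversion: when the doubled unsigned value exceeds `INT_MAX`, the cast back to `int` is expected to come out negative, which common compilers do but the C standard does not guarantee. A range check before doubling avoids that dependency, e.g. `if (pool->end - pool->start > INT_MAX / 2) return XML_FALSE;` (needs `<limits.h>`), and it would also reject a pointer difference that does not fit in `unsigned` on 64-bit targets instead of silently truncating it. Either way the new line deserves a comment such as `/* unsigned arithmetic: signed overflow is undefined and would let the compiler drop the < 0 check below */` so the casts are not simplified away later. `poolGrow` continues outside the hunk, so whether `blockSize` is multiplied again when the allocation size is computed cannot be checked from here.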