[libxml2/ddkilzer/fix-missing-xmlBuf-xmlBuffer-NUL-terminators: 3/3] Fix missing NUL terminators in xmlBuf and xmlBuffer functions




commit e461bb26613f1eb9806a13f361d3406c6555f791
Author: David Kilzer <ddkilzer apple com>
Date:   Sun May 29 09:46:00 2022 -0700

    Fix missing NUL terminators in xmlBuf and xmlBuffer functions
    
    * buf.c:
    (xmlBufAddLen):
    - Change check for remaining space to account for the NUL
      terminator.  When adding a length exactly equal to the number
      of unused bytes, a NUL terminator was not written.
    (xmlBufResize):
    - Set `buf->use` and NUL terminator when allocating a new
      buffer.
    * tree.c:
    (xmlBufferResize):
    - Set `buf->use` and NUL terminator when allocating a new
      buffer.
    (xmlBufferAddHead):
    - Set NUL terminator before returning early when shifting
      contents.

 buf.c  | 9 ++++-----
 tree.c | 3 +++
 2 files changed, 7 insertions(+), 5 deletions(-)
---
diff --git a/buf.c b/buf.c
index ddebe371..161160a2 100644
--- a/buf.c
+++ b/buf.c
@@ -591,14 +591,11 @@ xmlBufAddLen(xmlBufPtr buf, size_t len) {
     if ((buf == NULL) || (buf->error))
         return(-1);
     CHECK_COMPAT(buf)
-    if (len > (buf->size - buf->use))
+    if (len >= (buf->size - buf->use))
         return(-1);
     buf->use += len;
+    buf->content[buf->use] = 0;
     UPDATE_COMPAT(buf)
-    if (buf->size > buf->use)
-        buf->content[buf->use] = 0;
-    else
-        return(-1);
     return(0);
 }
 
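Review bot: The tightened test `len >= (buf->size - buf->use)` in xmlBufAddLen now returns -1 before `buf->use` is advanced, whereas the removed lines advanced `use` and only then returned -1 when `len` exactly equalled the free space. A caller that has already written `len` bytes into the tail and ignores the return value would be left with those bytes unaccounted for. Callers are not visible in this hunk, so it is worth checking that any helper reporting free space reserves the terminator byte. The subtraction is unsigned and relies on `buf->use <= buf->size`; a short comment would make the contract explicit, e.g. `/* one byte of the free space is always reserved for the NUL terminator */`.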
@@ -777,6 +774,8 @@ xmlBufResize(xmlBufPtr buf, size_t size)
     } else {
        if (buf->content == NULL) {
            rebuf = (xmlChar *) xmlMallocAtomic(newSize);
+           buf->use = 0;
+           rebuf[buf->use] = 0;
        } else if (buf->size - buf->use < 100) {
            rebuf = (xmlChar *) xmlRealloc(buf->content, newSize);
         } else {
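Review bot: The added `rebuf[buf->use] = 0;` writes through the pointer returned by `xmlMallocAtomic(newSize)` before any NULL check visible in this hunk, so an allocation failure becomes a NULL dereference instead of reaching whatever error path follows the if/else chain. Guard the store, e.g. `if (rebuf != NULL) rebuf[0] = 0;`. `buf->use = 0` is also assigned before the allocation is known to have succeeded, so it may be cleaner to set it only on success. The same two lines are added to xmlBufferResize in tree.c and need the same guard. Both functions continue outside their hunks, so the later handling of `rebuf == NULL` is assumed rather than seen.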
diff --git a/tree.c b/tree.c
index e3e54128..33de5dfb 100644
--- a/tree.c
+++ b/tree.c
@@ -7562,6 +7562,8 @@ xmlBufferResize(xmlBufferPtr buf, unsigned int size)
     } else {
        if (buf->content == NULL) {
            rebuf = (xmlChar *) xmlMallocAtomic(newSize);
+           buf->use = 0;
+           rebuf[buf->use] = 0;
        } else if (buf->size - buf->use < 100) {
            rebuf = (xmlChar *) xmlRealloc(buf->content, newSize);
         } else {
@@ -7690,6 +7692,7 @@ xmlBufferAddHead(xmlBufferPtr buf, const xmlChar *str, int len) {
             memmove(&buf->content[0], str, len);
            buf->use += len;
            buf->size += len;
+            buf->content[buf->use] = 0;
            return(0);
        }
     }
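Review bot: The new store `buf->content[buf->use] = 0;` in xmlBufferAddHead is in bounds only if `buf->use < buf->size` still holds after both fields were increased by `len`, and nothing in this hunk establishes that. Because both grow by the same amount, the relation carries over from function entry, so the write is safe exactly when the buffer already had room for its terminator. A comment would document that dependency, e.g. `/* use and size grew together, so content[use] is the same spare byte as before the shift */`. The function begins outside the hunk, so the validation of `len` and the adjustment of `buf->content` are not visible here.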

