[libxml2/ddkilzer/fix-integer-overflow-xmlBufferDump] Fix integer overflow in xmlBufferDump()

From: David Kilzer <ddkilzer src gnome org>
To: commits-list gnome org
Cc:
Subject: [libxml2/ddkilzer/fix-integer-overflow-xmlBufferDump] Fix integer overflow in xmlBufferDump()
Date: Sat, 28 May 2022 15:10:44 +0000 (UTC)


commit fd884c6b5913dd51b26504df97cb6074b3f50e78
Author: David Kilzer <ddkilzer apple com>
Date:   Sat May 28 08:08:29 2022 -0700

    Fix integer overflow in xmlBufferDump()
    
    * tree.c:
    (xmlBufferDump):
    - Cap the return value to INT_MAX.

 tree.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
---
diff --git a/tree.c b/tree.c
index df17fa33..e3e54128 100644
--- a/tree.c
+++ b/tree.c
@@ -7413,7 +7413,7 @@ xmlBufferGrow(xmlBufferPtr buf, unsigned int len) {
  */
 int
 xmlBufferDump(FILE *file, xmlBufferPtr buf) {
-    int ret;
+    size_t ret;
 
     if (buf == NULL) {
 #ifdef DEBUG_BUFFER
@@ -7432,7 +7432,7 @@ xmlBufferDump(FILE *file, xmlBufferPtr buf) {
     if (file == NULL)
        file = stdout;
     ret = fwrite(buf->content, sizeof(xmlChar), buf->use, file);
-    return(ret);
+    return(ret > INT_MAX ? INT_MAX : (int)ret);
 }
 
 /**

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]