Re: libxml2 commit 65c7d3b2e6506283eecd19a23dcf0122fbcdac33

From: Ray Strode <halfline gmail com>
To: veillard redhat com
Cc: desktop-devel-list <desktop-devel-list gnome org>, Colin Walters <walters verbum org>
Subject: Re: libxml2 commit 65c7d3b2e6506283eecd19a23dcf0122fbcdac33
Date: Tue, 7 Aug 2012 21:45:34 -0400

Hi,

On Mon, Aug 6, 2012 at 3:05 AM, Daniel Veillard <veillard redhat com> wrote:
> mistake done circa 98-99 IIRC and a bit late to fix ... The problem are
> that those buffers were using int instead of size_t for various size
> leading to a variety of troubles including security ones. How to fix
> that while keeping everything pblic API and ABI compatible ?
One idea (if you're sure consumers are just reading the public
structure and not allocating/writing to it):

struct xmlExtendedBuffer {
   xmlBuffer compatBuffer;
   size_t realSize;
}

Then when allocating e.g., an output buffer:

outputBuffer->buffer = &extendedBuffer->compatBuffer;

and any time you need to get at the extended buffer do:

extendedBuffer = (xmExtendedBufferPtr) outputBuffer->buffer;

Any time you need to adjust the size of the buffer, adjust
extendedBuffer->realSize, and then do
extendedBuffer->compatBuffer.size = (int) extendedBuffer->realSize;

Though, sizeof(size_t) == sizeof(int) on 32-bit arches so i'm a little
unsure how swapping one for the other could fix overflow problems.

--Ray

Follow-Ups:
- Re: libxml2 commit 65c7d3b2e6506283eecd19a23dcf0122fbcdac33
  - From: Daniel Veillard

References:
- libxml2 commit 65c7d3b2e6506283eecd19a23dcf0122fbcdac33
  - From: Colin Walters
- Re: libxml2 commit 65c7d3b2e6506283eecd19a23dcf0122fbcdac33
  - From: Daniel Veillard

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]