Re: libxml2 commit 65c7d3b2e6506283eecd19a23dcf0122fbcdac33
- From: Ray Strode <halfline gmail com>
- To: veillard redhat com
- Cc: desktop-devel-list <desktop-devel-list gnome org>, Colin Walters <walters verbum org>
- Subject: Re: libxml2 commit 65c7d3b2e6506283eecd19a23dcf0122fbcdac33
- Date: Tue, 7 Aug 2012 21:45:34 -0400
Hi,
On Mon, Aug 6, 2012 at 3:05 AM, Daniel Veillard <veillard redhat com> wrote:
> mistake done circa 98-99 IIRC and a bit late to fix ... The problem is
> that those buffers were using int instead of size_t for various size
> leading to a variety of troubles including security ones. How to fix
> that while keeping everything public API and ABI compatible?
One idea (if you're sure consumers are just reading the public
structure and not allocating/writing to it):

    struct xmlExtendedBuffer {
        xmlBuffer compatBuffer;
        size_t realSize;
    };

Then when allocating e.g., an output buffer:

    outputBuffer->buffer = &extendedBuffer->compatBuffer;

and any time you need to get at the extended buffer do:

    extendedBuffer = (xmlExtendedBufferPtr) outputBuffer->buffer;

Any time you need to adjust the size of the buffer, adjust
extendedBuffer->realSize, and then do

    extendedBuffer->compatBuffer.size = (int) extendedBuffer->realSize;

Though, sizeof(size_t) == sizeof(int) on 32-bit arches so I'm a little
unsure how swapping one for the other could fix overflow problems.
--Ray
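
The wrapper layout sketched in the message above, as an added example that is not part of the original mail and not libxml2 code. `compat_buffer` is a simplified, hypothetical stand-in for the public `xmlBuffer`, and every function name is invented for illustration. The `int` mirror saturates at `INT_MAX` instead of using a plain `(int)` cast, whose result is implementation-defined once the value exceeds `INT_MAX`.

```c
#include <limits.h>
#include <stddef.h>
#include <stdlib.h>

/* Hypothetical stand-in for the legacy public struct with int-sized fields. */
typedef struct {
    unsigned char *content;
    int use;    /* bytes used, as seen by old callers */
    int size;   /* bytes allocated, as seen by old callers */
} compat_buffer;

/* Wrapper from the message: public struct first, authoritative size after it. */
typedef struct {
    compat_buffer compat;   /* must stay the first member */
    size_t real_size;       /* the value internal code should trust */
} extended_buffer;

/* Mirror a size_t into the legacy int field, saturating instead of wrapping. */
static int clamp_to_int(size_t n)
{
    return n > (size_t)INT_MAX ? INT_MAX : (int)n;
}

/* Allocate the wrapper; callers only ever receive &ext->compat. */
compat_buffer *ext_buffer_new(void)
{
    extended_buffer *ext = calloc(1, sizeof *ext);
    return ext ? &ext->compat : NULL;
}

/* Recover the wrapper. Valid only for buffers created by ext_buffer_new(),
 * because a pointer to a struct also points to its first member. */
extended_buffer *ext_from_compat(compat_buffer *buf)
{
    return (extended_buffer *)buf;
}

/* Record a new logical size (no reallocation here) and refresh the mirror. */
void ext_set_size(compat_buffer *buf, size_t n)
{
    extended_buffer *ext = ext_from_compat(buf);
    ext->real_size = n;
    ext->compat.size = clamp_to_int(n);
}
```

The cast back to the wrapper is only safe when the library allocated the buffer itself, which is the condition the message states: consumers read the public structure but never allocate or write it.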