Re: libxml2 commit 65c7d3b2e6506283eecd19a23dcf0122fbcdac33



Hi,

On Mon, Aug 6, 2012 at 3:05 AM, Daniel Veillard <veillard redhat com> wrote:
> mistake done circa 98-99 IIRC and a bit late to fix ... The problem is
> that those buffers were using int instead of size_t for various sizes,
> leading to a variety of troubles including security ones. How to fix
> that while keeping everything public API and ABI compatible?
One idea (if you're sure consumers are just reading the public
structure and not allocating/writing to it):

struct xmlExtendedBuffer {
   xmlBuffer compatBuffer;   /* the public, ABI-frozen struct comes first */
   size_t realSize;          /* the real size, private to libxml2 */
};
typedef struct xmlExtendedBuffer *xmlExtendedBufferPtr;

Then when allocating e.g., an output buffer:

outputBuffer->buffer = &extendedBuffer->compatBuffer;

and any time you need to get at the extended buffer do:

extendedBuffer = (xmlExtendedBufferPtr) outputBuffer->buffer;

Any time you need to adjust the size of the buffer, adjust
extendedBuffer->realSize, and then do
extendedBuffer->compatBuffer.size = (int) extendedBuffer->realSize;

Though, sizeof(size_t) == sizeof(int) on 32-bit arches, so I'm a little
unsure how swapping one for the other could fix overflow problems.

--Ray
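The wrapper sketched in the message above, worked through as an added example. This is not libxml2 code: xmlBufferCompat is an assumed stand-in for the real public xmlBuffer (which has more fields), and xmlExtendedBuffer, xmlExtBufferReal, xmlExtSizeToInt, xmlExtBufferCreate, xmlExtBufferAdd and xmlExtBufferFree are hypothetical names. It shows the layout trick (public struct as first member, so the two pointers convert by cast), all size arithmetic done on the size_t fields with explicit overflow checks, and the one caveat the plain `(int)` mirror needs: a size above INT_MAX must be saturated rather than cast, or the public field goes negative.

```c
/* Added example, not libxml2's code. All names here are assumptions. */
#include <limits.h>
#include <stdint.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for the frozen public struct: sizes are int, as in the old API. */
typedef struct {
    unsigned char *content;
    int use;    /* bytes in use, as seen by old consumers */
    int size;   /* allocated bytes, as seen by old consumers */
} xmlBufferCompat;

/* Private extension. The public struct is the FIRST member, so a pointer to
 * it and a pointer to the extended struct convert through a cast (C puts no
 * padding before the first member). Old consumers that only read
 * xmlBufferCompat never see the extra fields. */
typedef struct {
    xmlBufferCompat compat;
    size_t realUse;
    size_t realSize;
} xmlExtendedBuffer, *xmlExtendedBufferPtr;

/* Recover the extended buffer from the public pointer handed to callers. */
static xmlExtendedBufferPtr xmlExtBufferReal(xmlBufferCompat *buf) {
    return (xmlExtendedBufferPtr) buf;
}

/* Mirror a size_t into the int field. A plain (int) cast wraps for values
 * above INT_MAX (a huge size becomes negative or small); saturating at
 * INT_MAX under-reports, which is the safe direction for a consumer that
 * uses the value as a bound. */
static int xmlExtSizeToInt(size_t n) {
    return (n > (size_t) INT_MAX) ? INT_MAX : (int) n;
}

static void xmlExtBufferSync(xmlExtendedBufferPtr ext) {
    ext->compat.use  = xmlExtSizeToInt(ext->realUse);
    ext->compat.size = xmlExtSizeToInt(ext->realSize);
}

xmlBufferCompat *xmlExtBufferCreate(size_t size) {
    xmlExtendedBufferPtr ext = calloc(1, sizeof(*ext));
    if (ext == NULL)
        return NULL;
    ext->compat.content = malloc(size ? size : 1);
    if (ext->compat.content == NULL) {
        free(ext);
        return NULL;
    }
    ext->realUse = 0;
    ext->realSize = size;
    xmlExtBufferSync(ext);
    return &ext->compat;   /* callers get the ABI-compatible view */
}

/* Append len bytes. Arithmetic is done on the size_t fields with explicit
 * overflow checks; the int mirrors are refreshed afterwards. Returns 0 on
 * success, -1 on overflow or allocation failure. */
int xmlExtBufferAdd(xmlBufferCompat *buf, const void *data, size_t len) {
    xmlExtendedBufferPtr ext = xmlExtBufferReal(buf);
    if (len > SIZE_MAX - ext->realUse)      /* realUse + len would wrap */
        return -1;
    size_t needed = ext->realUse + len;
    if (needed > ext->realSize) {
        size_t newSize = ext->realSize;
        while (newSize < needed) {
            if (newSize > SIZE_MAX / 2)     /* doubling would wrap */
                return -1;
            newSize = newSize ? newSize * 2 : 1;
        }
        unsigned char *p = realloc(ext->compat.content, newSize);
        if (p == NULL)
            return -1;
        ext->compat.content = p;
        ext->realSize = newSize;
    }
    memcpy(ext->compat.content + ext->realUse, data, len);
    ext->realUse = needed;
    xmlExtBufferSync(ext);
    return 0;
}

void xmlExtBufferFree(xmlBufferCompat *buf) {
    if (buf == NULL)
        return;
    xmlExtendedBufferPtr ext = xmlExtBufferReal(buf);
    free(ext->compat.content);
    free(ext);
}
```

The scheme only holds if every buffer that reaches a consumer was allocated by the library through xmlExtBufferCreate; a consumer that allocates its own xmlBufferCompat and passes it back would be read past its end by xmlExtBufferReal, which is exactly the "not allocating/writing to it" condition stated above.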

