[libxml2/ddkilzer/fix-missing-xmlBuf-xmlBuffer-NUL-terminators] Fix missing NUL terminators in xmlBuf and xmlBuffer functions
- From: David Kilzer <ddkilzer src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [libxml2/ddkilzer/fix-missing-xmlBuf-xmlBuffer-NUL-terminators] Fix missing NUL terminators in xmlBuf and xmlBuffer functions
- Date: Sun, 29 May 2022 17:11:09 +0000 (UTC)
commit 78a4920847b4354bdb1cad999340200b6ee26a2b
Author: David Kilzer <ddkilzer apple com>
Date: Sun May 29 09:46:00 2022 -0700
Fix missing NUL terminators in xmlBuf and xmlBuffer functions
* buf.c:
(xmlBufGrowInternal):
- Always set NUL terminator at the end of the current buffer.
Code paths that resized the buffer failed to set the NUL
terminator.
(xmlBufAddLen):
- Change check for remaining space to account for the NUL
terminator. When adding a length exactly equal to the number
of unused bytes, a NUL terminator was not written.
(xmlBufResize):
- Move setting of NUL terminator to common code. More than one
path through the function failed to set a NUL terminator.
* tree.c:
(xmlBufferGrow):
- Always set NUL terminator at the end of the current buffer.
Resizing the buffer failed to set the NUL terminator.
(xmlBufferResize):
- Move setting of NUL terminator to common code. More than one
path through the function failed to set a NUL terminator.
(xmlBufferAddHead):
- Set NUL terminator before returning early when shifting
contents.
buf.c | 11 ++++-------
tree.c | 5 +++--
2 files changed, 7 insertions(+), 9 deletions(-)
---
diff --git a/buf.c b/buf.c
index 0a798f59..b9bc2f30 100644
--- a/buf.c
+++ b/buf.c
@@ -478,6 +478,7 @@ xmlBufGrowInternal(xmlBufPtr buf, size_t len) {
buf->content = newbuf;
}
buf->size = size;
+ buf->content[buf->use] = 0;
UPDATE_COMPAT(buf)
return(buf->size - buf->use);
}
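Review bot: The closing `return(buf->size - buf->use);` in xmlBufGrowInternal still counts the byte that now holds the terminator as free space, while the next hunk makes xmlBufAddLen reject `len >= (buf->size - buf->use)`. A caller that grows the buffer and then commits the full returned amount would get -1 from xmlBufAddLen. If that is intended, the function comment should say the usable space is one less than the return value; otherwise consider `return(buf->size - buf->use - 1);` after auditing callers. xmlBufferGrow in tree.c ends with the same return expression. The function body starts outside this hunk, so whether `size` always exceeds `buf->use` at the new write cannot be confirmed from the visible lines.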
@@ -591,14 +592,11 @@ xmlBufAddLen(xmlBufPtr buf, size_t len) {
if ((buf == NULL) || (buf->error))
return(-1);
CHECK_COMPAT(buf)
- if (len > (buf->size - buf->use))
+ if (len >= (buf->size - buf->use))
return(-1);
buf->use += len;
+ buf->content[buf->use] = 0;
UPDATE_COMPAT(buf)
- if (buf->size > buf->use)
- buf->content[buf->use] = 0;
- else
- return(-1);
return(0);
}
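Review bot: The switch from `>` to `>=` in xmlBufAddLen encodes an invariant that is not written down in the hunk: one byte of `buf->size` is reserved for the terminator, so `buf->use` must stay strictly below `buf->size`. A short comment above the check, such as `/* keep one byte free for the NUL terminator: use + len < size */`, would stop a later cleanup from relaxing it back to `>`. The exact-fit case now fails before `buf->use` is updated, whereas the old code advanced `buf->use` and then returned -1; the function comment, which lies outside this hunk, should record that as well.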
@@ -762,7 +760,6 @@ xmlBufResize(xmlBufPtr buf, size_t size)
/* move data back to start */
memmove(buf->contentIO, buf->content, buf->use);
buf->content = buf->contentIO;
- buf->content[buf->use] = 0;
buf->size += start_buf;
} else {
rebuf = (xmlChar *) xmlRealloc(buf->contentIO, start_buf + newSize);
@@ -788,7 +785,6 @@ xmlBufResize(xmlBufPtr buf, size_t size)
if (rebuf != NULL) {
memcpy(rebuf, buf->content, buf->use);
xmlFree(buf->content);
- rebuf[buf->use] = 0;
}
}
if (rebuf == NULL) {
@@ -798,6 +794,7 @@ xmlBufResize(xmlBufPtr buf, size_t size)
buf->content = rebuf;
}
buf->size = newSize;
+ buf->content[buf->use] = 0;
UPDATE_COMPAT(buf)
return 1;
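Review bot: The single `buf->content[buf->use] = 0;` placed after `buf->size = newSize;` in xmlBufResize is in bounds only if `buf->use < newSize` on every path that reaches it, and the visible lines do not show that being checked. The removed per-branch writes had the same requirement, but the common write now also covers the `xmlRealloc(buf->contentIO, start_buf + newSize)` branch, which previously had no terminator write at all. Stating the precondition next to the store, for example `/* invariant: buf->use < newSize, so the terminator stays inside the allocation */`, or guarding it explicitly, would make the off-by-one reasoning auditable. The same applies to the matching line in xmlBufferResize in tree.c and to the stores added in xmlBufGrowInternal and xmlBufferGrow. How `newSize` is computed is outside this hunk.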
diff --git a/tree.c b/tree.c
index df17fa33..b5d94c57 100644
--- a/tree.c
+++ b/tree.c
@@ -7400,6 +7400,7 @@ xmlBufferGrow(xmlBufferPtr buf, unsigned int len) {
buf->content = newbuf;
}
buf->size = size;
+ buf->content[buf->use] = 0;
return(buf->size - buf->use);
}
@@ -7548,7 +7549,6 @@ xmlBufferResize(xmlBufferPtr buf, unsigned int size)
/* move data back to start */
memmove(buf->contentIO, buf->content, buf->use);
buf->content = buf->contentIO;
- buf->content[buf->use] = 0;
buf->size += start_buf;
} else {
rebuf = (xmlChar *) xmlRealloc(buf->contentIO, start_buf + newSize);
@@ -7574,7 +7574,6 @@ xmlBufferResize(xmlBufferPtr buf, unsigned int size)
if (rebuf != NULL) {
memcpy(rebuf, buf->content, buf->use);
xmlFree(buf->content);
- rebuf[buf->use] = 0;
}
}
if (rebuf == NULL) {
@@ -7584,6 +7583,7 @@ xmlBufferResize(xmlBufferPtr buf, unsigned int size)
buf->content = rebuf;
}
buf->size = newSize;
+ buf->content[buf->use] = 0;
return 1;
}
@@ -7690,6 +7690,7 @@ xmlBufferAddHead(xmlBufferPtr buf, const xmlChar *str, int len) {
memmove(&buf->content[0], str, len);
buf->use += len;
buf->size += len;
+ buf->content[buf->use] = 0;
return(0);
}
}