diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' libxml/buf.c libxml_h2/buf.c *** libxml/buf.c 2022-08-26 14:57:24.304000000 +0800 --- libxml_h2/buf.c 2022-08-26 14:56:16.844000000 +0800 *************** *** 30,35 **** --- 30,39 ---- #include /* for XML_MAX_TEXT_LENGTH */ #include "buf.h" + #ifndef SIZE_MAX + #define SIZE_MAX ((size_t) -1) + #endif + #define WITH_BUFFER_COMPAT /** *************** *** 156,161 **** --- 160,167 ---- xmlBufCreateSize(size_t size) { xmlBufPtr ret; + if (size == SIZE_MAX) + return(NULL); ret = (xmlBufPtr) xmlMalloc(sizeof(xmlBuf)); if (ret == NULL) { xmlBufMemoryError(NULL, "creating buffer"); *************** *** 166,173 **** ret->error = 0; ret->buffer = NULL; ret->alloc = xmlBufferAllocScheme; ! ret->size = (size ? size+2 : 0); /* +1 for ending null */ ! ret->compat_size = (int) ret->size; if (ret->size){ ret->content = (xmlChar *) xmlMallocAtomic(ret->size * sizeof(xmlChar)); if (ret->content == NULL) { --- 172,179 ---- ret->error = 0; ret->buffer = NULL; ret->alloc = xmlBufferAllocScheme; ! ret->size = (size ? size + 1 : 0); /* +1 for ending null */ ! ret->compat_size = (ret->size > INT_MAX ? INT_MAX : ret->size); if (ret->size){ ret->content = (xmlChar *) xmlMallocAtomic(ret->size * sizeof(xmlChar)); if (ret->content == NULL) { *************** *** 442,464 **** CHECK_COMPAT(buf) if (buf->alloc == XML_BUFFER_ALLOC_IMMUTABLE) return(0); ! if (buf->use + len < buf->size) return(buf->size - buf->use); ! /* ! * Windows has a BIG problem on realloc timing, so we try to double ! * the buffer size (if that's enough) (bug 146697) ! * Apparently BSD too, and it's probably best for linux too ! * On an embedded system this may be something to change ! */ ! #if 1 ! if (buf->size > (size_t) len) ! size = buf->size * 2; ! else ! size = buf->use + len + 100; ! #else ! size = buf->use + len + 100; ! 
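Review bot: The new overflow guard in xmlBufCreateSize (buf.c, `if (size == SIZE_MAX) return(NULL);`) fails without reporting anything, while the allocation failure just below it calls `xmlBufMemoryError(NULL, "creating buffer")`. A caller or log reader cannot tell a rejected size from any other NULL, so I would report it the same way: `if (size == SIZE_MAX) { xmlBufMemoryError(NULL, "creating buffer"); return(NULL); }`. The same silent return appears in the guard added at buf.c line 448 (presumably xmlBufGrowInternal, where `return(0)` is also what the immutable case returns) and in xmlBufAdd. It also appears in tree.c in xmlBufferCreateSize, the constructor hunk at line 7173, xmlBufferGrow and the add hunk at line 7582, where `xmlTreeErrMemory` is the counterpart already used for the resize failure. The body of xmlBufCreateSize continues outside the hunk.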
#endif if (buf->alloc == XML_BUFFER_ALLOC_BOUNDED) { /* --- 448,464 ---- CHECK_COMPAT(buf) if (buf->alloc == XML_BUFFER_ALLOC_IMMUTABLE) return(0); ! if (len < buf->size - buf->use) return(buf->size - buf->use); + if (len > SIZE_MAX - buf->use) + return(0); ! if (buf->size > (size_t) len) { ! size = buf->size > SIZE_MAX / 2 ? SIZE_MAX : buf->size * 2; ! } else { ! size = buf->use + len; ! size = size > SIZE_MAX - 100 ? SIZE_MAX : size + 100; ! } if (buf->alloc == XML_BUFFER_ALLOC_BOUNDED) { /* *************** *** 744,750 **** int xmlBufResize(xmlBufPtr buf, size_t size) { ! unsigned int newSize; xmlChar* rebuf = NULL; size_t start_buf; --- 744,750 ---- int xmlBufResize(xmlBufPtr buf, size_t size) { ! size_t newSize; xmlChar* rebuf = NULL; size_t start_buf; *************** *** 772,780 **** case XML_BUFFER_ALLOC_IO: case XML_BUFFER_ALLOC_DOUBLEIT: /*take care of empty case*/ ! newSize = (buf->size ? buf->size*2 : size + 10); while (size > newSize) { ! if (newSize > UINT_MAX / 2) { xmlBufMemoryError(buf, "growing buffer"); return 0; } --- 772,784 ---- case XML_BUFFER_ALLOC_IO: case XML_BUFFER_ALLOC_DOUBLEIT: /*take care of empty case*/ ! if (buf->size == 0) { ! newSize = (size > SIZE_MAX - 10 ? SIZE_MAX : size + 10); ! } else { ! newSize = buf->size; ! } while (size > newSize) { ! if (newSize > SIZE_MAX / 2) { xmlBufMemoryError(buf, "growing buffer"); return 0; } *************** *** 782,796 **** } break; case XML_BUFFER_ALLOC_EXACT: ! newSize = size+10; break; case XML_BUFFER_ALLOC_HYBRID: if (buf->use < BASE_BUFFER_SIZE) newSize = size; else { ! newSize = buf->size * 2; while (size > newSize) { ! if (newSize > UINT_MAX / 2) { xmlBufMemoryError(buf, "growing buffer"); return 0; } --- 786,800 ---- } break; case XML_BUFFER_ALLOC_EXACT: ! newSize = (size > SIZE_MAX - 10 ? SIZE_MAX : size + 10); break; case XML_BUFFER_ALLOC_HYBRID: if (buf->use < BASE_BUFFER_SIZE) newSize = size; else { ! newSize = buf->size; while (size > newSize) { ! 
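Review bot: The rewritten test `if (len < buf->size - buf->use)` in the buf.c hunk at line 448 (presumably xmlBufGrowInternal; the signature is outside the hunk) is only safe while `buf->use <= buf->size`. If that invariant is ever broken, the unsigned subtraction wraps to a huge value, the test passes, and the function reports free space that does not exist; the old `buf->use + len < buf->size` form would have fallen through to the grow path, barring overflow. Nothing visible in the hunk establishes the invariant (CHECK_COMPAT may, but its body is not shown), so I would either guard it first, `if (buf->use > buf->size) return(0);`, or state it in a comment above the test. The same subtraction is introduced in xmlBufAdd in buf.c and in xmlBufferGrow and the add hunk at tree.c line 7582, where a wrapped result would skip the resize.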
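Review bot: Saturating to `SIZE_MAX` in xmlBufResize (`newSize = (size > SIZE_MAX - 10 ? SIZE_MAX : size + 10);` in the IO/DOUBLEIT case, and again in the EXACT and default cases of the next two hunks) only helps if nothing later adds to `newSize`. The function declares `size_t start_buf`, and the allocation code after the switch is outside these hunks; if it computes something like `start_buf + newSize`, a saturated value wraps around and the allocation ends up smaller than the requested size. I would fail at the point of overflow instead, as the doubling loop already does: `if (size > SIZE_MAX - 10) { xmlBufMemoryError(buf, "growing buffer"); return 0; }`. The matching `UINT_MAX` saturation in the tree.c hunks at lines 7465 to 7496 deserves the same check.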
if (newSize > SIZE_MAX / 2) { xmlBufMemoryError(buf, "growing buffer"); return 0; } *************** *** 800,806 **** break; default: ! newSize = size+10; break; } --- 804,810 ---- break; default: ! newSize = (size > SIZE_MAX - 10 ? SIZE_MAX : size + 10); break; } *************** *** 866,872 **** */ int xmlBufAdd(xmlBufPtr buf, const xmlChar *str, int len) { ! unsigned int needSize; if ((str == NULL) || (buf == NULL) || (buf->error)) return -1; --- 870,876 ---- */ int xmlBufAdd(xmlBufPtr buf, const xmlChar *str, int len) { ! size_t needSize; if ((str == NULL) || (buf == NULL) || (buf->error)) return -1; *************** *** 888,895 **** if (len < 0) return -1; if (len == 0) return 0; ! needSize = buf->use + len + 2; ! if (needSize > buf->size){ if (buf->alloc == XML_BUFFER_ALLOC_BOUNDED) { /* * Used to provide parsing limits --- 892,901 ---- if (len < 0) return -1; if (len == 0) return 0; ! if ((size_t) len >= buf->size - buf->use) { ! if ((size_t) len >= SIZE_MAX - buf->use) ! return(-1); ! needSize = buf->use + len + 1; if (buf->alloc == XML_BUFFER_ALLOC_BOUNDED) { /* * Used to provide parsing limits *************** *** 1025,1055 **** */ int xmlBufCCat(xmlBufPtr buf, const char *str) { ! const char *cur; ! ! if ((buf == NULL) || (buf->error)) ! return(-1); ! CHECK_COMPAT(buf) ! if (buf->alloc == XML_BUFFER_ALLOC_IMMUTABLE) return -1; ! if (str == NULL) { ! #ifdef DEBUG_BUFFER ! xmlGenericError(xmlGenericErrorContext, ! "xmlBufCCat: str == NULL\n"); ! #endif ! return -1; ! } ! for (cur = str;*cur != 0;cur++) { ! if (buf->use + 10 >= buf->size) { ! if (!xmlBufResize(buf, buf->use+10)){ ! xmlBufMemoryError(buf, "growing buffer"); ! return XML_ERR_NO_MEMORY; ! } ! } ! buf->content[buf->use++] = *cur; ! } ! buf->content[buf->use] = 0; ! UPDATE_COMPAT(buf) ! return 0; } /** --- 1031,1037 ---- */ int xmlBufCCat(xmlBufPtr buf, const char *str) { ! 
return xmlBufCat(buf, (const xmlChar *) str); } /** diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' libxml/HUAWEI-RELEASE libxml_h2/HUAWEI-RELEASE *** libxml/HUAWEI-RELEASE 1970-01-01 08:00:00.000000000 +0800 --- libxml_h2/HUAWEI-RELEASE 2022-08-26 14:56:16.840000000 +0800 *************** *** 0 **** --- 1 ---- + RELEASE: h2 \ No newline at end of file diff -crN '--exclude=.git' '--exclude=.gitee' '--exclude=.vscode' libxml/tree.c libxml_h2/tree.c *** libxml/tree.c 2022-08-26 14:57:24.572000000 +0800 --- libxml_h2/tree.c 2022-08-26 14:56:17.112000000 +0800 *************** *** 7104,7109 **** --- 7104,7111 ---- xmlBufferCreateSize(size_t size) { xmlBufferPtr ret; + if (size >= UINT_MAX) + return(NULL); ret = (xmlBufferPtr) xmlMalloc(sizeof(xmlBuffer)); if (ret == NULL) { xmlTreeErrMemory("creating buffer"); *************** *** 7111,7117 **** } ret->use = 0; ret->alloc = xmlBufferAllocScheme; ! ret->size = (size ? size+2 : 0); /* +1 for ending null */ if (ret->size){ ret->content = (xmlChar *) xmlMallocAtomic(ret->size * sizeof(xmlChar)); if (ret->content == NULL) { --- 7113,7119 ---- } ret->use = 0; ret->alloc = xmlBufferAllocScheme; ! ret->size = (size ? size + 1 : 0); /* +1 for ending null */ if (ret->size){ ret->content = (xmlChar *) xmlMallocAtomic(ret->size * sizeof(xmlChar)); if (ret->content == NULL) { *************** *** 7171,7176 **** --- 7173,7180 ---- if ((mem == NULL) || (size == 0)) return(NULL); + if (size > UINT_MAX) + return(NULL); ret = (xmlBufferPtr) xmlMalloc(sizeof(xmlBuffer)); if (ret == NULL) { *************** *** 7318,7345 **** */ int xmlBufferGrow(xmlBufferPtr buf, unsigned int len) { ! int size; xmlChar *newbuf; if (buf == NULL) return(-1); if (buf->alloc == XML_BUFFER_ALLOC_IMMUTABLE) return(0); ! if (len + buf->use < buf->size) return(0); ! /* ! * Windows has a BIG problem on realloc timing, so we try to double ! * the buffer size (if that's enough) (bug 146697) ! * Apparently BSD too, and it's probably best for linux too ! 
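Review bot: Reducing xmlBufCCat to `return xmlBufCat(buf, (const xmlChar *) str);` changes its return contract without touching the doc comment above it, which lies outside the hunk. The removed body returned -1 for a NULL or errored buffer, an immutable buffer or a NULL `str`, and `XML_ERR_NO_MEMORY` when growing failed; callers now get whatever xmlBufCat returns, which this diff does not show. I would confirm the two agree and add a line to the header comment such as `* Thin wrapper around xmlBufCat(); return values are those of xmlBufCat().`. The same applies to xmlBufferCCat delegating to xmlBufferCat in the last tree.c hunk.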
* On an embedded system this may be something to change ! */ ! #if 1 ! if (buf->size > len) ! size = buf->size * 2; ! else ! size = buf->use + len + 100; ! #else ! size = buf->use + len + 100; ! #endif if ((buf->alloc == XML_BUFFER_ALLOC_IO) && (buf->contentIO != NULL)) { size_t start_buf = buf->content - buf->contentIO; --- 7322,7344 ---- */ int xmlBufferGrow(xmlBufferPtr buf, unsigned int len) { ! unsigned int size; xmlChar *newbuf; if (buf == NULL) return(-1); if (buf->alloc == XML_BUFFER_ALLOC_IMMUTABLE) return(0); ! if (len < buf->size - buf->use) ! return(0); ! if (len > UINT_MAX - buf->use) ! return(-1); ! if (buf->size > (size_t) len) { ! size = buf->size > UINT_MAX / 2 ? UINT_MAX : buf->size * 2; ! } else { ! size = buf->use + len; ! size = size > UINT_MAX - 100 ? UINT_MAX : size + 100; ! } if ((buf->alloc == XML_BUFFER_ALLOC_IO) && (buf->contentIO != NULL)) { size_t start_buf = buf->content - buf->contentIO; *************** *** 7466,7472 **** case XML_BUFFER_ALLOC_IO: case XML_BUFFER_ALLOC_DOUBLEIT: /*take care of empty case*/ ! newSize = (buf->size ? buf->size : size + 10); while (size > newSize) { if (newSize > UINT_MAX / 2) { xmlTreeErrMemory("growing buffer"); --- 7465,7474 ---- case XML_BUFFER_ALLOC_IO: case XML_BUFFER_ALLOC_DOUBLEIT: /*take care of empty case*/ ! if (buf->size == 0) ! newSize = (size > UINT_MAX - 10 ? UINT_MAX : size + 10); ! else ! newSize = buf->size; while (size > newSize) { if (newSize > UINT_MAX / 2) { xmlTreeErrMemory("growing buffer"); *************** *** 7476,7482 **** } break; case XML_BUFFER_ALLOC_EXACT: ! newSize = size+10; break; case XML_BUFFER_ALLOC_HYBRID: if (buf->use < BASE_BUFFER_SIZE) --- 7478,7484 ---- } break; case XML_BUFFER_ALLOC_EXACT: ! newSize = (size > UINT_MAX - 10 ? UINT_MAX : size + 10);; break; case XML_BUFFER_ALLOC_HYBRID: if (buf->use < BASE_BUFFER_SIZE) *************** *** 7494,7500 **** break; default: ! newSize = size+10; break; } --- 7496,7502 ---- break; default: ! 
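Review bot: In xmlBufferGrow (tree.c), `size` is now `unsigned int` and may saturate at `UINT_MAX`, but the function still returns `int`. The tail of the function is outside the hunk; if it returns the free space (`buf->size - buf->use` or similar), any value above `INT_MAX` comes back negative and callers will read a successful grow as a failure, so I would clamp the returned value to `INT_MAX` or cap the requested size. The `(size_t)` cast in `if (buf->size > (size_t) len)` also looks like a leftover from buf.c: `len` is `unsigned int` here and the `UINT_MAX` checks suggest `buf->size` is too, so `if (buf->size > len)` reads better.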
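Review bot: The rewritten XML_BUFFER_ALLOC_EXACT case in tree.c ends in a doubled semicolon, `newSize = (size > UINT_MAX - 10 ? UINT_MAX : size + 10);;`, which leaves a stray empty statement; the `default:` case in the next hunk has the same typo. Both should read `newSize = (size > UINT_MAX - 10 ? UINT_MAX : size + 10);`. The enclosing switch starts and ends outside the hunk.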
newSize = (size > UINT_MAX - 10 ? UINT_MAX : size + 10);; break; } *************** *** 7580,7587 **** if (len < 0) return -1; if (len == 0) return 0; ! needSize = buf->use + len + 2; ! if (needSize > buf->size){ if (!xmlBufferResize(buf, needSize)){ xmlTreeErrMemory("growing buffer"); return XML_ERR_NO_MEMORY; --- 7582,7591 ---- if (len < 0) return -1; if (len == 0) return 0; ! if ((unsigned) len >= buf->size - buf->use) { ! if ((unsigned) len >= UINT_MAX - buf->use) ! return XML_ERR_NO_MEMORY; ! needSize = buf->use + len + 1; if (!xmlBufferResize(buf, needSize)){ xmlTreeErrMemory("growing buffer"); return XML_ERR_NO_MEMORY; *************** *** 7694,7722 **** */ int xmlBufferCCat(xmlBufferPtr buf, const char *str) { ! const char *cur; ! ! if (buf == NULL) ! return(-1); ! if (buf->alloc == XML_BUFFER_ALLOC_IMMUTABLE) return -1; ! if (str == NULL) { ! #ifdef DEBUG_BUFFER ! xmlGenericError(xmlGenericErrorContext, ! "xmlBufferCCat: str == NULL\n"); ! #endif ! return -1; ! } ! for (cur = str;*cur != 0;cur++) { ! if (buf->use + 10 >= buf->size) { ! if (!xmlBufferResize(buf, buf->use+10)){ ! xmlTreeErrMemory("growing buffer"); ! return XML_ERR_NO_MEMORY; ! } ! } ! buf->content[buf->use++] = *cur; ! } ! buf->content[buf->use] = 0; ! return 0; } /** --- 7698,7704 ---- */ int xmlBufferCCat(xmlBufferPtr buf, const char *str) { ! return xmlBufferCat(buf, (const xmlChar *) str); } /**