1From d58bff6125f066689a872113123152fdcfe693cc Mon Sep 17 00:00:00 2001
2From: Alex Richardson <Alexander.Richardson@cl.cam.ac.uk>
3Date: Thu, 1 Dec 2022 12:53:15 +0000
4Subject: [PATCH 27/28] Avoid creating an out-of-bounds pointer by rewriting a
5 check
6
7Creating more than one-past-the-end pointers is undefined behaviour in C
8and while this code is unlikely to be miscompiled, I discovered that an
9out-of-bounds pointer is being created using UBSan on a CHERI-enabled
10system.
11
12Reference: https://github.com/GNOME/libxml2/commit/c715ded0861af956ba584f566bc7db6717f519d0
13Conflict: NA
14---
15 HTMLparser.c | 2 +-
16 1 file changed, 1 insertion(+), 1 deletion(-)
17
18diff --git a/HTMLparser.c b/HTMLparser.c
19index 746edf6..60dea30 100644
20--- a/HTMLparser.c
21+++ b/HTMLparser.c
22@@ -2333,7 +2333,7 @@ htmlEncodeEntities(unsigned char* out, int *outlen,
23 else
24 cp = ent->name;
25 len = strlen(cp);
26- if (out + 2 + len > outend)
27+ if (outend - out < len + 2)
28 break;
29 *out++ = '&';
30 memcpy(out, cp, len);
31--
322.27.0
33
34
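Review bot: The new guard `if (outend - out < len + 2)` compares a pointer difference with `len`, whose declaration is outside the hunk, so the signedness of the comparison cannot be confirmed from here. If `len` is an unsigned type such as `size_t`, the `ptrdiff_t` on the left is converted to unsigned and the check only rejects short buffers while `out <= outend` holds; if it is `int`, the `strlen()` result is narrowed on assignment. Both look harmless for short entity names, but the type should be confirmed. A comment would also keep the check from being rewritten back into pointer arithmetic later, for example `/* compare remaining space, not pointers: out + 2 + len may lie past the buffer, which is UB */`. The `+ 2` presumably covers the `&` written here and a terminator written after the hunk ends; the body of htmlEncodeEntities continues outside the hunk on both sides.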