153aa9179Sopenharmony_ciFrom a6df42e649acacb55be832222d1f3f50c66720ff Mon Sep 17 00:00:00 2001 253aa9179Sopenharmony_ciFrom: David Kilzer <ddkilzer@apple.com> 353aa9179Sopenharmony_ciDate: Sat, 28 May 2022 08:08:29 -0700 453aa9179Sopenharmony_ciSubject: [PATCH 296/300] Fix integer overflow in xmlBufferDump() 553aa9179Sopenharmony_ci 653aa9179Sopenharmony_ci* tree.c: 753aa9179Sopenharmony_ci(xmlBufferDump): 853aa9179Sopenharmony_ci- Cap the return value to INT_MAX. 953aa9179Sopenharmony_ci 1053aa9179Sopenharmony_ciReference:https://github.com/GNOME/libxml2/commit/a6df42e649acacb55be832222d1f3f50c66720ff 1153aa9179Sopenharmony_ciConflict:NA 1253aa9179Sopenharmony_ci 1353aa9179Sopenharmony_ci--- 1453aa9179Sopenharmony_ci tree.c | 4 ++-- 1553aa9179Sopenharmony_ci 1 file changed, 2 insertions(+), 2 deletions(-) 1653aa9179Sopenharmony_ci 1753aa9179Sopenharmony_cidiff --git a/tree.c b/tree.c 1853aa9179Sopenharmony_ciindex 0cf2483..3dff195 100644 1953aa9179Sopenharmony_ci--- a/tree.c 2053aa9179Sopenharmony_ci+++ b/tree.c 2153aa9179Sopenharmony_ci@@ -7380,7 +7380,7 @@ xmlBufferGrow(xmlBufferPtr buf, unsigned int len) { 2253aa9179Sopenharmony_ci */ 2353aa9179Sopenharmony_ci int 2453aa9179Sopenharmony_ci xmlBufferDump(FILE *file, xmlBufferPtr buf) { 2553aa9179Sopenharmony_ci- int ret; 2653aa9179Sopenharmony_ci+ size_t ret; 2753aa9179Sopenharmony_ci 2853aa9179Sopenharmony_ci if (buf == NULL) { 2953aa9179Sopenharmony_ci #ifdef DEBUG_BUFFER 3053aa9179Sopenharmony_ci@@ -7399,7 +7399,7 @@ xmlBufferDump(FILE *file, xmlBufferPtr buf) { 3153aa9179Sopenharmony_ci if (file == NULL) 3253aa9179Sopenharmony_ci file = stdout; 3353aa9179Sopenharmony_ci ret = fwrite(buf->content, sizeof(xmlChar), buf->use, file); 3453aa9179Sopenharmony_ci- return(ret); 3553aa9179Sopenharmony_ci+ return(ret > INT_MAX ? INT_MAX : (int)ret); 3653aa9179Sopenharmony_ci } 3753aa9179Sopenharmony_ci 3853aa9179Sopenharmony_ci /** 3953aa9179Sopenharmony_ci-- 4053aa9179Sopenharmony_ci2.27.0 4153aa9179Sopenharmony_ci 42