1From 4ce2abf6f656b3e78ad40e33191a8b42561c10b0 Mon Sep 17 00:00:00 2001
2From: David Kilzer <ddkilzer@apple.com>
3Date: Sun, 29 May 2022 09:46:00 -0700
4Subject: [PATCH 299/300] Fix missing NUL terminators in xmlBuf and xmlBuffer
5 functions
6
7* buf.c:
8(xmlBufAddLen):
9- Change check for remaining space to account for the NUL
10  terminator.  When adding a length exactly equal to the number
11  of unused bytes, a NUL terminator was not written.
12(xmlBufResize):
13- Set `buf->use` and NUL terminator when allocating a new
14  buffer.
15* tree.c:
16(xmlBufferResize):
17- Set `buf->use` and NUL terminator when allocating a new
18  buffer.
19(xmlBufferAddHead):
20- Set NUL terminator before returning early when shifting
21  contents.
22
23Reference:https://github.com/GNOME/libxml2/commit/4ce2abf6f656b3e78ad40e33191a8b42561c10b0
24Conflict:NA
25---
26 buf.c  | 9 ++++-----
27 tree.c | 3 +++
28 2 files changed, 7 insertions(+), 5 deletions(-)
29
30diff --git a/buf.c b/buf.c
31index f896826..da765f6 100644
32--- a/buf.c
33+++ b/buf.c
34@@ -613,14 +613,11 @@ xmlBufAddLen(xmlBufPtr buf, size_t len) {
35     if ((buf == NULL) || (buf->error))
36         return(-1);
37     CHECK_COMPAT(buf)
38-    if (len > (buf->size - buf->use))
39+    if (len >= (buf->size - buf->use))
40         return(-1);
41     buf->use += len;
42+    buf->content[buf->use] = 0;
43     UPDATE_COMPAT(buf)
44-    if (buf->size > buf->use)
45-        buf->content[buf->use] = 0;
46-    else
47-        return(-1);
48     return(0);
49 }
50 
51@@ -821,6 +818,8 @@ xmlBufResize(xmlBufPtr buf, size_t size)
52     } else {
53 	if (buf->content == NULL) {
54 	    rebuf = (xmlChar *) xmlMallocAtomic(newSize);
55+	    buf->use = 0;
56+	    rebuf[buf->use] = 0;
57 	} else if (buf->size - buf->use < 100) {
58 	    rebuf = (xmlChar *) xmlRealloc(buf->content, newSize);
59         } else {
60diff --git a/tree.c b/tree.c
61index 3dff195..e275671 100644
62--- a/tree.c
63+++ b/tree.c
64@@ -7529,6 +7529,8 @@ xmlBufferResize(xmlBufferPtr buf, unsigned int size)
65     } else {
66 	if (buf->content == NULL) {
67 	    rebuf = (xmlChar *) xmlMallocAtomic(newSize);
68+	    buf->use = 0;
69+	    rebuf[buf->use] = 0;
70 	} else if (buf->size - buf->use < 100) {
71 	    rebuf = (xmlChar *) xmlRealloc(buf->content, newSize);
72         } else {
73@@ -7657,6 +7659,7 @@ xmlBufferAddHead(xmlBufferPtr buf, const xmlChar *str, int len) {
74             memmove(&buf->content[0], str, len);
75 	    buf->use += len;
76 	    buf->size += len;
77+            buf->content[buf->use] = 0;
78 	    return(0);
79 	}
80     }
81-- 
822.27.0
83
84
85