153aa9179Sopenharmony_ciFrom 4ce2abf6f656b3e78ad40e33191a8b42561c10b0 Mon Sep 17 00:00:00 2001
253aa9179Sopenharmony_ciFrom: David Kilzer <ddkilzer@apple.com>
353aa9179Sopenharmony_ciDate: Sun, 29 May 2022 09:46:00 -0700
453aa9179Sopenharmony_ciSubject: [PATCH 299/300] Fix missing NUL terminators in xmlBuf and xmlBuffer
553aa9179Sopenharmony_ci functions
653aa9179Sopenharmony_ci
753aa9179Sopenharmony_ci* buf.c:
853aa9179Sopenharmony_ci(xmlBufAddLen):
953aa9179Sopenharmony_ci- Change check for remaining space to account for the NUL
1053aa9179Sopenharmony_ci terminator. When adding a length exactly equal to the number
1153aa9179Sopenharmony_ci of unused bytes, a NUL terminator was not written.
1253aa9179Sopenharmony_ci(xmlBufResize):
1353aa9179Sopenharmony_ci- Set `buf->use` and NUL terminator when allocating a new
1453aa9179Sopenharmony_ci buffer.
1553aa9179Sopenharmony_ci* tree.c:
1653aa9179Sopenharmony_ci(xmlBufferResize):
1753aa9179Sopenharmony_ci- Set `buf->use` and NUL terminator when allocating a new
1853aa9179Sopenharmony_ci buffer.
1953aa9179Sopenharmony_ci(xmlBufferAddHead):
2053aa9179Sopenharmony_ci- Set NUL terminator before returning early when shifting
2153aa9179Sopenharmony_ci contents.
2253aa9179Sopenharmony_ci
2353aa9179Sopenharmony_ciReference:https://github.com/GNOME/libxml2/commit/4ce2abf6f656b3e78ad40e33191a8b42561c10b0
2453aa9179Sopenharmony_ciConflict:NA
2553aa9179Sopenharmony_ci---
2653aa9179Sopenharmony_ci buf.c | 9 ++++-----
2753aa9179Sopenharmony_ci tree.c | 3 +++
2853aa9179Sopenharmony_ci 2 files changed, 7 insertions(+), 5 deletions(-)
2953aa9179Sopenharmony_ci
3053aa9179Sopenharmony_cidiff --git a/buf.c b/buf.c
3153aa9179Sopenharmony_ciindex f896826..da765f6 100644
3253aa9179Sopenharmony_ci--- a/buf.c
3353aa9179Sopenharmony_ci+++ b/buf.c
3453aa9179Sopenharmony_ci@@ -613,14 +613,11 @@ xmlBufAddLen(xmlBufPtr buf, size_t len) {
3553aa9179Sopenharmony_ci if ((buf == NULL) || (buf->error))
3653aa9179Sopenharmony_ci return(-1);
3753aa9179Sopenharmony_ci CHECK_COMPAT(buf)
3853aa9179Sopenharmony_ci- if (len > (buf->size - buf->use))
3953aa9179Sopenharmony_ci+ if (len >= (buf->size - buf->use))
4053aa9179Sopenharmony_ci return(-1);
4153aa9179Sopenharmony_ci buf->use += len;
4253aa9179Sopenharmony_ci+ buf->content[buf->use] = 0;
4353aa9179Sopenharmony_ci UPDATE_COMPAT(buf)
4453aa9179Sopenharmony_ci- if (buf->size > buf->use)
4553aa9179Sopenharmony_ci- buf->content[buf->use] = 0;
4653aa9179Sopenharmony_ci- else
4753aa9179Sopenharmony_ci- return(-1);
4853aa9179Sopenharmony_ci return(0);
4953aa9179Sopenharmony_ci }
5053aa9179Sopenharmony_ci
5153aa9179Sopenharmony_ci@@ -821,6 +818,8 @@ xmlBufResize(xmlBufPtr buf, size_t size)
5253aa9179Sopenharmony_ci } else {
5353aa9179Sopenharmony_ci if (buf->content == NULL) {
5453aa9179Sopenharmony_ci rebuf = (xmlChar *) xmlMallocAtomic(newSize);
5553aa9179Sopenharmony_ci+ buf->use = 0;
5653aa9179Sopenharmony_ci+ rebuf[buf->use] = 0;
5753aa9179Sopenharmony_ci } else if (buf->size - buf->use < 100) {
5853aa9179Sopenharmony_ci rebuf = (xmlChar *) xmlRealloc(buf->content, newSize);
5953aa9179Sopenharmony_ci } else {
6053aa9179Sopenharmony_cidiff --git a/tree.c b/tree.c
6153aa9179Sopenharmony_ciindex
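Review bot: The tightened check `len >= (buf->size - buf->use)` in xmlBufAddLen changes the function's contract without documenting it: a caller that passes exactly the number of unused bytes now gets -1, because one byte is reserved for the terminator written by `buf->content[buf->use] = 0;`. The doc comment above the function should say so, for example `len must be strictly smaller than the unused space; one byte is kept for the terminating NUL`. The subtraction is on unsigned sizes and relies on `buf->use <= buf->size` holding on entry, which the visible lines do not check. The function's opening and its doc comment are outside the hunk.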
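Review bot: In the `buf->content == NULL` branch of xmlBufResize, `rebuf[buf->use] = 0;` writes through the pointer returned by `xmlMallocAtomic(newSize)` before any NULL check visible in the hunk, so an allocation failure would become a NULL write instead of the normal error return. If the existing `rebuf == NULL` check sits after the if/else chain (outside the hunk, so this cannot be confirmed here), the new lines need their own guard: `if (rebuf != NULL) { buf->use = 0; rebuf[0] = 0; }`. Guarding also keeps `buf->use` from being reset on the failure path. The same two lines are added to xmlBufferResize in tree.c (hunk at -7529) and need the same guard.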
3dff195..e275671 100644
6253aa9179Sopenharmony_ci--- a/tree.c
6353aa9179Sopenharmony_ci+++ b/tree.c
6453aa9179Sopenharmony_ci@@ -7529,6 +7529,8 @@ xmlBufferResize(xmlBufferPtr buf, unsigned int size)
6553aa9179Sopenharmony_ci } else {
6653aa9179Sopenharmony_ci if (buf->content == NULL) {
6753aa9179Sopenharmony_ci rebuf = (xmlChar *) xmlMallocAtomic(newSize);
6853aa9179Sopenharmony_ci+ buf->use = 0;
6953aa9179Sopenharmony_ci+ rebuf[buf->use] = 0;
7053aa9179Sopenharmony_ci } else if (buf->size - buf->use < 100) {
7153aa9179Sopenharmony_ci rebuf = (xmlChar *) xmlRealloc(buf->content, newSize);
7253aa9179Sopenharmony_ci } else {
7353aa9179Sopenharmony_ci@@ -7657,6 +7659,7 @@ xmlBufferAddHead(xmlBufferPtr buf, const xmlChar *str, int len) {
7453aa9179Sopenharmony_ci memmove(&buf->content[0], str, len);
7553aa9179Sopenharmony_ci buf->use += len;
7653aa9179Sopenharmony_ci buf->size += len;
7753aa9179Sopenharmony_ci+ buf->content[buf->use] = 0;
7853aa9179Sopenharmony_ci return(0);
7953aa9179Sopenharmony_ci }
8053aa9179Sopenharmony_ci }
8153aa9179Sopenharmony_ci--
8253aa9179Sopenharmony_ci2.27.0
8353aa9179Sopenharmony_ci
8453aa9179Sopenharmony_ci
85