xref: /third_party/libxml2/backport-regexp-Add-sanity-check-in-xmlRegCalloc2.patch

From 85057e513111f69f5a8af94f3a82899d23d4c057 Mon Sep 17 00:00:00 2001
From: Nick Wellnhofer <wellnhofer@aevum.de>
Date: Tue, 21 Feb 2023 15:24:19 +0100
Subject: [PATCH] regexp: Add sanity check in xmlRegCalloc2

These arguments should be non-zero, but add a sanity check to avoid
division by zero.

Fixes #450.

Reference:https://github.com/GNOME/libxml2/commit/85057e513111f69f5a8af94f3a82899d23d4c057
Conflict:NA
---
 xmlregexp.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/xmlregexp.c b/xmlregexp.c
index e7c48a4..cc4ae6f 100644
--- a/xmlregexp.c
+++ b/xmlregexp.c
@@ -443,7 +443,8 @@ xmlRegCalloc2(size_t dim1, size_t dim2, size_t elemSize) {
     void *ret;
 
     /* Check for overflow */
-    if (dim1 > SIZE_MAX / dim2 / elemSize)
+    if ((dim2 == 0) || (elemSize == 0) ||
+        (dim1 > SIZE_MAX / dim2 / elemSize))
         return (NULL);
     totalSize = dim1 * dim2 * elemSize;
     ret = xmlMalloc(totalSize);
-- 
2.27.0