Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(64)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: third_party/libxml/src/uri.c

Issue 1914903002: libxml: Fix undefined behavior due to integer overflow when parsing uri port. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 4 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « third_party/libxml/README.chromium ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /** 1 /**
2 * uri.c: set of generic URI related routines 2 * uri.c: set of generic URI related routines
3 * 3 *
4 * Reference: RFCs 3986, 2732 and 2373 4 * Reference: RFCs 3986, 2732 and 2373
5 * 5 *
6 * See Copyright for the status of this software. 6 * See Copyright for the status of this software.
7 * 7 *
8 * daniel@veillard.com 8 * daniel@veillard.com
9 */ 9 */
10 10
(...skipping 296 matching lines...) Expand 10 before | Expand all | Expand 10 after
307 } 307 }
308 *str = cur; 308 *str = cur;
309 return (0); 309 return (0);
310 } 310 }
311 311
312 /** 312 /**
313 * xmlParse3986Port: 313 * xmlParse3986Port:
314 * @uri: pointer to an URI structure 314 * @uri: pointer to an URI structure
315 * @str: the string to analyze 315 * @str: the string to analyze
316 * 316 *
317 * Parse a port part and fills in the appropriate fields 317 * Parse a port part and fills in the appropriate fields
318 * of the @uri structure 318 * of the @uri structure
319 * 319 *
320 * port = *DIGIT 320 * port = *DIGIT
321 * 321 *
322 * Returns 0 or the error code 322 * Returns 0 or the error code
323 */ 323 */
324 static int 324 static int
325 xmlParse3986Port(xmlURIPtr uri, const char **str) 325 xmlParse3986Port(xmlURIPtr uri, const char **str)
326 { 326 {
327 const char *cur = *str; 327 const char *cur = *str;
328 328
329 if (ISA_DIGIT(cur)) { 329 if (ISA_DIGIT(cur)) {
330 » if (uri != NULL) 330 » unsigned port = 0; /* unsigned for defined overflow behavior */
331 » uri->port = 0;
332 while (ISA_DIGIT(cur)) { 331 while (ISA_DIGIT(cur)) {
333 » if (uri != NULL) 332 » port = port * 10 + (*cur - '0');
334 » » uri->port = uri->port * 10 + (*cur - '0');
335 cur++; 333 cur++;
336 } 334 }
335 if (uri != NULL)
336 uri->port = port & INT_MAX; /* port value modulo INT_MAX+1 */
337 *str = cur; 337 *str = cur;
338 return(0); 338 return(0);
339 } 339 }
340 return(1); 340 return(1);
341 } 341 }
342 342
343 /** 343 /**
344 * xmlParse3986Userinfo: 344 * xmlParse3986Userinfo:
345 * @uri: pointer to an URI structure 345 * @uri: pointer to an URI structure
346 * @str: the string to analyze 346 * @str: the string to analyze
(...skipping 2210 matching lines...) Expand 10 before | Expand all | Expand 10 after
2557 } 2557 }
2558 #endif 2558 #endif
2559 memset(&temp, 0, sizeof(temp)); 2559 memset(&temp, 0, sizeof(temp));
2560 temp.path = (char *) cal; 2560 temp.path = (char *) cal;
2561 ret = xmlSaveUri(&temp); 2561 ret = xmlSaveUri(&temp);
2562 xmlFree(cal); 2562 xmlFree(cal);
2563 return(ret); 2563 return(ret);
2564 } 2564 }
2565 #define bottom_uri 2565 #define bottom_uri
2566 #include "elfgcchack.h" 2566 #include "elfgcchack.h"
OLDNEW
« no previous file with comments | « third_party/libxml/README.chromium ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698