| Index: third_party/libxml/src/uri.c
|
| diff --git a/third_party/libxml/src/uri.c b/third_party/libxml/src/uri.c
|
| index ff47abbecb1d0fc0f4161d3596e2840a6970ffaa..3e51255e61cd85a79eb4955dffea496d09f3c687 100644
|
| --- a/third_party/libxml/src/uri.c
|
| +++ b/third_party/libxml/src/uri.c
|
| @@ -314,7 +314,7 @@ xmlParse3986Query(xmlURIPtr uri, const char **str)
|
| * @uri: pointer to an URI structure
|
| * @str: the string to analyze
|
| *
|
| - * Parse a port part and fills in the appropriate fields
|
| + * Parse a port part and fills in the appropriate fields
|
| * of the @uri structure
|
| *
|
| * port = *DIGIT
|
| @@ -327,13 +327,13 @@ xmlParse3986Port(xmlURIPtr uri, const char **str)
|
| const char *cur = *str;
|
|
|
| if (ISA_DIGIT(cur)) {
|
| - if (uri != NULL)
|
| - uri->port = 0;
|
| + unsigned port = 0; /* unsigned for defined overflow behavior */
|
| while (ISA_DIGIT(cur)) {
|
| - if (uri != NULL)
|
| - uri->port = uri->port * 10 + (*cur - '0');
|
| + port = port * 10 + (*cur - '0');
|
| cur++;
|
| }
|
| + if (uri != NULL)
|
| + uri->port = port & INT_MAX; /* port value modulo INT_MAX+1 */
|
| *str = cur;
|
| return(0);
|
| }
|
|
|
Chromium Code Reviews
Issue 1914903002:
libxml: Fix undefined behavior due to integer overflow when parsing uri port. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master