| Index: third_party/libxml/src/xmlmemory.c
|
| diff --git a/third_party/libxml/src/xmlmemory.c b/third_party/libxml/src/xmlmemory.c
|
| index f24fd6d4fff841241e6b65c5bc7890cb82910a7f..f08c8c3d3bb13f4c0688966d3f1854ef442ab802 100644
|
| --- a/third_party/libxml/src/xmlmemory.c
|
| +++ b/third_party/libxml/src/xmlmemory.c
|
| @@ -109,6 +109,7 @@ typedef struct memnod {
|
| #define RESERVE_SIZE (((HDR_SIZE + (ALIGN_SIZE-1)) \
|
| / ALIGN_SIZE ) * ALIGN_SIZE)
|
|
|
| +#define MAX_SIZE_T ((size_t)-1)
|
|
|
| #define CLIENT_2_HDR(a) ((MEMHDR *) (((char *) (a)) - RESERVE_SIZE))
|
| #define HDR_2_CLIENT(a) ((void *) (((char *) (a)) + RESERVE_SIZE))
|
| @@ -217,7 +218,7 @@ xmlMallocLoc(size_t size, const char * file, int line)
|
|
|
| /**
|
| * xmlMallocAtomicLoc:
|
| - * @size: an int specifying the size in byte to allocate.
|
| + * @size: an unsigned int specifying the size in byte to allocate.
|
| * @file: the file name or NULL
|
| * @line: the line number
|
| *
|
| @@ -240,11 +241,18 @@ xmlMallocAtomicLoc(size_t size, const char * file, int line)
|
|
|
| TEST_POINT
|
|
|
| + if (size > (MAX_SIZE_T - RESERVE_SIZE)) {
|
| + xmlGenericError(xmlGenericErrorContext,
|
| + "xmlMallocAtomicLoc : Unsigned overflow prevented\n");
|
| + xmlMemoryDump();
|
| + return(NULL);
|
| + }
|
| +
|
| p = (MEMHDR *) malloc(RESERVE_SIZE+size);
|
|
|
| if (!p) {
|
| xmlGenericError(xmlGenericErrorContext,
|
| - "xmlMallocLoc : Out of free space\n");
|
| + "xmlMallocAtomicLoc : Out of free space\n");
|
| xmlMemoryDump();
|
| return(NULL);
|
| }
|
|
|
Chromium Code Reviews
Issue 2010803004:
Roll libxml to bdec2183f34b37ee89ae1d330c6ad2bb4d76605f (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master