commit 6fd04be3c2f7a2730c85b0eaf061549953161da3
Author: Tomas Korbar <tkorbar@redhat.com>
Date:   Wed Sep 11 15:12:38 2024 +0200

    Fix CVE-2024-45492
    
    https://github.com/libexpat/libexpat/pull/892

diff --git a/expat/lib/xmlparse.c b/expat/lib/xmlparse.c
index 6818c4e..698e907 100644
--- a/expat/lib/xmlparse.c
+++ b/expat/lib/xmlparse.c
@@ -7426,6 +7426,15 @@ nextScaffoldPart(XML_Parser parser)
   int next;
 
   if (!dtd->scaffIndex) {
+    /* Detect and prevent integer overflow.
+     * The preprocessor guard addresses the "always false" warning
+     * from -Wtype-limits on platforms where
+     * sizeof(unsigned int) < sizeof(size_t), e.g. on x86_64. */
+#if UINT_MAX >= SIZE_MAX
+    if (parser->m_groupSize > ((size_t)(-1) / sizeof(int))) {
+      return -1;
+    }
+#endif
     dtd->scaffIndex = (int *)MALLOC(parser, parser->m_groupSize * sizeof(int));
     if (!dtd->scaffIndex)
       return -1;