27 lines
706 B
Diff
27 lines
706 B
Diff
--- tree.c.orig 2008-10-31 18:14:00.000000000 -0700
|
|
+++ tree.c 2008-10-31 18:14:35.000000000 -0700
|
|
@@ -14,7 +14,7 @@
|
|
#include "libxml.h"
|
|
|
|
#include <string.h> /* for memset() only ! */
|
|
-
|
|
+#include <limits.h>
|
|
#ifdef HAVE_CTYPE_H
|
|
#include <ctype.h>
|
|
#endif
|
|
@@ -6996,7 +6996,13 @@
|
|
case XML_BUFFER_ALLOC_DOUBLEIT:
|
|
/*take care of empty case*/
|
|
newSize = (buf->size ? buf->size*2 : size + 10);
|
|
- while (size > newSize) newSize *= 2;
|
|
+ while (size > newSize) {
|
|
+ if (newSize > UINT_MAX / 2) {
|
|
+ xmlTreeErrMemory("growing buffer");
|
|
+ return 0;
|
|
+ }
|
|
+ newSize *= 2;
|
|
+ }
|
|
break;
|
|
case XML_BUFFER_ALLOC_EXACT:
|
|
newSize = size+10;
|