Upgrade libexpat 2.6.3 · python/cpython@e6fe0ac
1-/* 2a14271ad4d35e82bde8ba210b4edb7998794bcbae54deab114046a300f9639a (2.6.2+)
1+/* ba4cdf9bdb534f355a9def4c9e25d20ee8e72f95b0a4d930be52e563f5080196 (2.6.3+)
22 __ __ _
33 ___\ \/ /_ __ __ _| |_
44 / _ \\ /| '_ \ / _` | __|
3939 Copyright (c) 2022 Sean McBride <sean@rogue-research.com>
4040 Copyright (c) 2023 Owain Davies <owaind@bath.edu>
4141 Copyright (c) 2023-2024 Sony Corporation / Snild Dolkow <snild@sony.com>
42+ Copyright (c) 2024 Berkay Eren Ürün <berkay.ueruen@siemens.com>
4243 Licensed under the MIT license:
43444445 Permission is hereby granted, free of charge, to any person obtaining
@@ -294,7 +295,7 @@ typedef struct {
294295 The name of the element is stored in both the document and API
295296 encodings. The memory buffer 'buf' is a separately-allocated
296297 memory area which stores the name. During the XML_Parse()/
297- XMLParseBuffer() when the element is open, the memory for the 'raw'
298+ XML_ParseBuffer() when the element is open, the memory for the 'raw'
298299 version of the name (in the document encoding) is shared with the
299300 document buffer. If the element is open across calls to
300301 XML_Parse()/XML_ParseBuffer(), the buffer is re-allocated to
@@ -2038,6 +2039,12 @@ XML_ParseBuffer(XML_Parser parser, int len, int isFinal) {
2038203920392040if (parser == NULL)
20402041return XML_STATUS_ERROR;
2042+2043+if (len < 0) {
2044+parser->m_errorCode = XML_ERROR_INVALID_ARGUMENT;
2045+return XML_STATUS_ERROR;
2046+ }
2047+20412048switch (parser->m_parsingStatus.parsing) {
20422049case XML_SUSPENDED:
20432050parser->m_errorCode = XML_ERROR_SUSPENDED;
@@ -5846,18 +5853,17 @@ processInternalEntity(XML_Parser parser, ENTITY *entity, XML_Bool betweenDecl) {
58465853/* Set a safe default value in case 'next' does not get set */
58475854next = textStart;
584858555849-#ifdef XML_DTD
58505856if (entity->is_param) {
58515857int tok
58525858= XmlPrologTok(parser->m_internalEncoding, textStart, textEnd, &next);
58535859result = doProlog(parser, parser->m_internalEncoding, textStart, textEnd,
58545860tok, next, &next, XML_FALSE, XML_FALSE,
58555861XML_ACCOUNT_ENTITY_EXPANSION);
5856- } else
5857-#endif /* XML_DTD */
5862+ } else {
58585863result = doContent(parser, parser->m_tagLevel, parser->m_internalEncoding,
58595864textStart, textEnd, &next, XML_FALSE,
58605865XML_ACCOUNT_ENTITY_EXPANSION);
5866+ }
5861586758625868if (result == XML_ERROR_NONE) {
58635869if (textEnd != next && parser->m_parsingStatus.parsing == XML_SUSPENDED) {
@@ -5894,18 +5900,17 @@ internalEntityProcessor(XML_Parser parser, const char *s, const char *end,
58945900/* Set a safe default value in case 'next' does not get set */
58955901next = textStart;
589659025897-#ifdef XML_DTD
58985903if (entity->is_param) {
58995904int tok
59005905= XmlPrologTok(parser->m_internalEncoding, textStart, textEnd, &next);
59015906result = doProlog(parser, parser->m_internalEncoding, textStart, textEnd,
59025907tok, next, &next, XML_FALSE, XML_TRUE,
59035908XML_ACCOUNT_ENTITY_EXPANSION);
5904- } else
5905-#endif /* XML_DTD */
5909+ } else {
59065910result = doContent(parser, openEntity->startTagLevel,
59075911parser->m_internalEncoding, textStart, textEnd, &next,
59085912XML_FALSE, XML_ACCOUNT_ENTITY_EXPANSION);
5913+ }
5909591459105915if (result != XML_ERROR_NONE)
59115916return result;
@@ -5932,17 +5937,14 @@ internalEntityProcessor(XML_Parser parser, const char *s, const char *end,
59325937return XML_ERROR_NONE;
59335938 }
593459395935-#ifdef XML_DTD
59365940if (entity->is_param) {
59375941int tok;
59385942parser->m_processor = prologProcessor;
59395943tok = XmlPrologTok(parser->m_encoding, s, end, &next);
59405944return doProlog(parser, parser->m_encoding, s, end, tok, next, nextPtr,
59415945 (XML_Bool)! parser->m_parsingStatus.finalBuffer, XML_TRUE,
59425946XML_ACCOUNT_DIRECT);
5943- } else
5944-#endif /* XML_DTD */
5945- {
5947+ } else {
59465948parser->m_processor = contentProcessor;
59475949/* see externalEntityContentProcessor vs contentProcessor */
59485950result = doContent(parser, parser->m_parentParser ? 1 : 0,
@@ -7016,6 +7018,16 @@ dtdCopy(XML_Parser oldParser, DTD *newDtd, const DTD *oldDtd,
70167018if (! newE)
70177019return 0;
70187020if (oldE->nDefaultAtts) {
7021+/* Detect and prevent integer overflow.
7022+ * The preprocessor guard addresses the "always false" warning
7023+ * from -Wtype-limits on platforms where
7024+ * sizeof(int) < sizeof(size_t), e.g. on x86_64. */
7025+#if UINT_MAX >= SIZE_MAX
7026+if ((size_t)oldE->nDefaultAtts
7027+> ((size_t)(-1) / sizeof(DEFAULT_ATTRIBUTE))) {
7028+return 0;
7029+ }
7030+#endif
70197031newE->defaultAtts
70207032= ms->malloc_fcn(oldE->nDefaultAtts * sizeof(DEFAULT_ATTRIBUTE));
70217033if (! newE->defaultAtts) {
@@ -7558,6 +7570,15 @@ nextScaffoldPart(XML_Parser parser) {
75587570int next;
7559757175607572if (! dtd->scaffIndex) {
7573+/* Detect and prevent integer overflow.
7574+ * The preprocessor guard addresses the "always false" warning
7575+ * from -Wtype-limits on platforms where
7576+ * sizeof(unsigned int) < sizeof(size_t), e.g. on x86_64. */
7577+#if UINT_MAX >= SIZE_MAX
7578+if (parser->m_groupSize > ((size_t)(-1) / sizeof(int))) {
7579+return -1;
7580+ }
7581+#endif
75617582dtd->scaffIndex = (int *)MALLOC(parser, parser->m_groupSize * sizeof(int));
75627583if (! dtd->scaffIndex)
75637584return -1;