DivestOS/Patches/LineageOS-15.1/android_external_expat/337987.patch

From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Sadaf Ebrahimi <sadafebrahimi@google.com>
Date: Thu, 2 Jun 2022 19:32:22 +0000
Subject: [PATCH] Prevent XML_GetBuffer signed integer overflow

Bug: http://b/221255869
Change-Id: I38758fae8c71184f728f95e6073457cdb86bcc29
(cherry picked from commit d6a09f1b7fb24dd03dc58e45062ad951a37ff8e3)
Merged-In: I38758fae8c71184f728f95e6073457cdb86bcc29
---
 lib/xmlparse.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/lib/xmlparse.c b/lib/xmlparse.c
index 2f4e7258..91f50034 100644
--- a/lib/xmlparse.c
+++ b/lib/xmlparse.c
@@ -1741,6 +1741,11 @@ XML_GetBuffer(XML_Parser parser, int len)
     keep = (int)(bufferPtr - buffer);
     if (keep > XML_CONTEXT_BYTES)
       keep = XML_CONTEXT_BYTES;
+    /* Detect and prevent integer overflow */
+    if (keep > INT_MAX - neededSize) {
+      parser->m_errorCode = XML_ERROR_NO_MEMORY;
+      return NULL;
+    }
     neededSize += keep;
 #endif  /* defined XML_CONTEXT_BYTES */
     if (neededSize  <= bufferLim - buffer) {
15.1+16.0: September 2022 ASB picks 16.0 backports thanks to MSe1969 as usual: https://github.com/lin16-microg/android_system_bt/commits/lineage-16.0 - last 3 commits https://github.com/lin16-microg/android_frameworks_base/commits/lineage-16.0 - last 4 commits https://github.com/lin16-microg/android_external_expat/commits/lineage-16.0 - last 4 commits Signed-off-by: Tad <tad@spotco.us> 2022-09-10 18:09:00 -04:00			`From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001`
			`From: Sadaf Ebrahimi <sadafebrahimi@google.com>`
			`Date: Thu, 2 Jun 2022 19:32:22 +0000`
			`Subject: [PATCH] Prevent XML_GetBuffer signed integer overflow`

			`Bug: http://b/221255869`
			`Change-Id: I38758fae8c71184f728f95e6073457cdb86bcc29`
			`(cherry picked from commit d6a09f1b7fb24dd03dc58e45062ad951a37ff8e3)`
			`Merged-In: I38758fae8c71184f728f95e6073457cdb86bcc29`
			`---`
			`lib/xmlparse.c \| 5 +++++`
			`1 file changed, 5 insertions(+)`

			`diff --git a/lib/xmlparse.c b/lib/xmlparse.c`
			`index 2f4e7258..91f50034 100644`
			`--- a/lib/xmlparse.c`
			`+++ b/lib/xmlparse.c`
			`@@ -1741,6 +1741,11 @@ XML_GetBuffer(XML_Parser parser, int len)`
			`keep = (int)(bufferPtr - buffer);`
			`if (keep > XML_CONTEXT_BYTES)`
			`keep = XML_CONTEXT_BYTES;`
			`+ /* Detect and prevent integer overflow */`
			`+ if (keep > INT_MAX - neededSize) {`
			`+ parser->m_errorCode = XML_ERROR_NO_MEMORY;`
			`+ return NULL;`
			`+ }`
			`neededSize += keep;`
			`#endif /* defined XML_CONTEXT_BYTES */`
			`if (neededSize <= bufferLim - buffer) {`