mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2024-12-14 02:14:34 -05:00
082bc48c32
https://review.lineageos.org/q/topic:P_asb_2022-05 https://review.lineageos.org/q/topic:P_asb_2022-06 https://review.lineageos.org/q/topic:P_asb_2022-07 https://review.lineageos.org/q/topic:P_asb_2022-08 https://review.lineageos.org/q/topic:P_asb_2022-09 https://review.lineageos.org/q/topic:P_asb_2022-10 https://review.lineageos.org/q/topic:P_asb_2022-11 https://review.lineageos.org/q/topic:P_asb_2022-12 https://review.lineageos.org/q/topic:P_asb_2023-01 https://review.lineageos.org/q/topic:P_asb_2023-02 https://review.lineageos.org/q/topic:P_asb_2023-03 https://review.lineageos.org/q/topic:P_asb_2023-04 https://review.lineageos.org/q/topic:P_asb_2023-05 https://review.lineageos.org/q/topic:P_asb_2023-06 https://review.lineageos.org/q/topic:P_asb_2023-07 accounted for via manifest change: https://review.lineageos.org/c/LineageOS/android_external_freetype/+/361250 https://review.lineageos.org/q/topic:P_asb_2023-08 accounted for via manifest change: https://review.lineageos.org/c/LineageOS/android_external_freetype/+/364606 accounted for via patches: https://review.lineageos.org/c/LineageOS/android_system_ca-certificates/+/365328 https://review.lineageos.org/q/topic:P_asb_2023-09 https://review.lineageos.org/q/topic:P_asb_2023-10 https://review.lineageos.org/q/topic:P_asb_2023-11 accounted for via patches: https://review.lineageos.org/c/LineageOS/android_system_ca-certificates/+/374916 https://review.lineageos.org/q/topic:P_asb_2023-12 https://review.lineageos.org/q/topic:P_asb_2024-01 https://review.lineageos.org/q/topic:P_asb_2024-02 https://review.lineageos.org/q/topic:P_asb_2024-03 https://review.lineageos.org/q/topic:P_asb_2024-04 Signed-off-by: Tavi <tavi@divested.dev>
30 lines
1.1 KiB
Diff
30 lines
1.1 KiB
Diff
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
From: Sadaf Ebrahimi <sadafebrahimi@google.com>
|
|
Date: Thu, 2 Jun 2022 19:32:22 +0000
|
|
Subject: [PATCH] Prevent XML_GetBuffer signed integer overflow
|
|
|
|
Bug: http://b/221255869
|
|
Change-Id: I38758fae8c71184f728f95e6073457cdb86bcc29
|
|
(cherry picked from commit d6a09f1b7fb24dd03dc58e45062ad951a37ff8e3)
|
|
Merged-In: I38758fae8c71184f728f95e6073457cdb86bcc29
|
|
---
|
|
lib/xmlparse.c | 5 +++++
|
|
1 file changed, 5 insertions(+)
|
|
|
|
diff --git a/lib/xmlparse.c b/lib/xmlparse.c
|
|
index 67f661b5..1d6e722d 100644
|
|
--- a/lib/xmlparse.c
|
|
+++ b/lib/xmlparse.c
|
|
@@ -2040,6 +2040,11 @@ XML_GetBuffer(XML_Parser parser, int len)
|
|
keep = (int)(parser->m_bufferPtr - parser->m_buffer);
|
|
if (keep > XML_CONTEXT_BYTES)
|
|
keep = XML_CONTEXT_BYTES;
|
|
+ /* Detect and prevent integer overflow */
|
|
+ if (keep > INT_MAX - neededSize) {
|
|
+ parser->m_errorCode = XML_ERROR_NO_MEMORY;
|
|
+ return NULL;
|
|
+ }
|
|
neededSize += keep;
|
|
#endif /* defined XML_CONTEXT_BYTES */
|
|
if (neededSize <= parser->m_bufferLim - parser->m_buffer) {
|