applied patch from Massimo Morara fixing bug #317447 about risk of invalid
* parser.c: applied patch from Massimo Morara fixing bug #317447
about risk of invalid write in xmlStringLenDecodeEntities
Daniel
diff --git a/parser.c b/parser.c
index ce6e003..aeb8ab3 100644
--- a/parser.c
+++ b/parser.c
@@ -2177,6 +2177,9 @@
if (val != 0) {
COPY_BUF(0,buffer,nbchars,val);
}
+ if (nbchars > buffer_size - XML_PARSER_BUFFER_SIZE) {
+ growBuffer(buffer);
+ }
} else if ((c == '&') && (what & XML_SUBSTITUTE_REF)) {
if (xmlParserDebugEntities)
xmlGenericError(xmlGenericErrorContext,
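Review bot: The added guard `if (nbchars > buffer_size - XML_PARSER_BUFFER_SIZE)` runs after `COPY_BUF` has already written, so it protects the next write rather than this one, and nothing in the hunk states the invariant that makes this safe. If the intent is to always keep that much headroom, a short comment above the check would record it, for example `/* keep XML_PARSER_BUFFER_SIZE bytes free so the next COPY_BUF stays inside buffer */`. The declarations of `nbchars` and `buffer_size` are outside the hunk; if they are unsigned, the subtraction wraps whenever `buffer_size` is smaller than the constant, and writing the test as `nbchars + XML_PARSER_BUFFER_SIZE > buffer_size` avoids that wrap. The same three lines are added again in the second hunk after the predefined-entity copy, so both points apply there as well, and a single helper macro for the check would keep the copies from drifting apart. The enclosing function starts and ends outside the hunk, so other `COPY_BUF` sites in it could not be checked from here.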
@@ -2187,6 +2190,9 @@
(ent->etype == XML_INTERNAL_PREDEFINED_ENTITY)) {
if (ent->content != NULL) {
COPY_BUF(0,buffer,nbchars,ent->content[0]);
+ if (nbchars > buffer_size - XML_PARSER_BUFFER_SIZE) {
+ growBuffer(buffer);
+ }
} else {
xmlFatalErrMsg(ctxt, XML_ERR_INTERNAL_ERROR,
"predefined entity has no content\n");