
libxml2-2.7.1-1.4mdv2009.0.src.rpm

--- tree.c.cve-2008-4225	2008-09-01 03:17:20.000000000 -0400
+++ tree.c	2008-11-18 13:22:54.000000000 -0500
@@ -14,7 +14,7 @@
 #include "libxml.h"
 
 #include <string.h> /* for memset() only ! */
-
+#include <limits.h>
 #ifdef HAVE_CTYPE_H
 #include <ctype.h>
 #endif
@@ -6996,7 +6996,13 @@ xmlBufferResize(xmlBufferPtr buf, unsign
 	case XML_BUFFER_ALLOC_DOUBLEIT:
 	    /*take care of empty case*/
 	    newSize = (buf->size ? buf->size*2 : size + 10);
-	    while (size > newSize) newSize *= 2;
+	    while (size > newSize) {
+	        if (newSize > UINT_MAX / 2) {
+	            xmlTreeErrMemory("growing buffer");
+	            return 0;
+	        }
+	        newSize *= 2;
+            }
 	    break;
 	case XML_BUFFER_ALLOC_EXACT:
 	    newSize = size+10;
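Review bot: The additions around the guarded loop are still unchecked, because the new `UINT_MAX / 2` test only covers the doublings inside the `while`: `buf->size*2` and `size + 10` in the initial assignment, and `size+10` in the `XML_BUFFER_ALLOC_EXACT` case, can each wrap. Assuming `size` and `newSize` are `unsigned int` (their declarations are outside the hunk), a wrapped `size+10` in the EXACT case leaves `newSize` smaller than the requested `size`, which presumably reaches the reallocation later in `xmlBufferResize`. In the DOUBLEIT case a `buf->size*2` that wraps to 0 would make the loop spin, since doubling 0 never exceeds `size`. A guard ahead of the `switch`, or at the top of both cases, would cover these: `if (size > UINT_MAX - 10 || buf->size > UINT_MAX / 2) { xmlTreeErrMemory("growing buffer"); return 0; }`. The function's opening and the allocation that consumes `newSize` are outside the hunk, so the placement should be confirmed against the full body.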