overflow.patch (3443B)
1 The line count may overflow. It's a signed integer in public api 2 so there is nothing that can be done but at least the usage should 3 be harmless since it's just a line number. 4 5 --- a/parser.c 6 +++ b/parser.c 7 @@ -2323,7 +2323,7 @@ static int spacePop(xmlParserCtxtPtr ctxt) { 8 int skipl; \ 9 for(skipl=0; skipl<val; skipl++) { \ 10 if (*(ctxt->input->cur) == '\n') { \ 11 - ctxt->input->line++; ctxt->input->col = 1; \ 12 + ctxt->input->line = ((unsigned)ctxt->input->line) + 1; ctxt->input->col = 1; \ 13 } else ctxt->input->col++; \ 14 ctxt->input->cur++; \ 15 } \ 16 @@ -2357,7 +2357,7 @@ static int spacePop(xmlParserCtxtPtr ctxt) { 17 18 #define NEXTL(l) do { \ 19 if (*(ctxt->input->cur) == '\n') { \ 20 - ctxt->input->line++; ctxt->input->col = 1; \ 21 + ctxt->input->line = ((unsigned)ctxt->input->line) + 1; ctxt->input->col = 1; \ 22 } else ctxt->input->col++; \ 23 ctxt->input->cur += l; \ 24 } while (0) 25 @@ -2391,7 +2391,7 @@ xmlSkipBlankChars(xmlParserCtxtPtr ctxt) { 26 cur = ctxt->input->cur; 27 while (IS_BLANK_CH(*cur)) { 28 if (*cur == '\n') { 29 - ctxt->input->line++; ctxt->input->col = 1; 30 + ctxt->input->line = ((unsigned)ctxt->input->line) + 1; ctxt->input->col = 1; 31 } else { 32 ctxt->input->col++; 33 } 34 @@ -4790,7 +4790,7 @@ get_more_space: 35 while (*in == 0x20) { in++; ctxt->input->col++; } 36 if (*in == 0xA) { 37 do { 38 - ctxt->input->line++; ctxt->input->col = 1; 39 + ctxt->input->line = ((unsigned)ctxt->input->line) + 1; ctxt->input->col = 1; 40 in++; 41 } while (*in == 0xA); 42 goto get_more_space; 43 @@ -4835,7 +4835,7 @@ get_more: 44 ctxt->input->col = ccol; 45 if (*in == 0xA) { 46 do { 47 - ctxt->input->line++; ctxt->input->col = 1; 48 + ctxt->input->line = ((unsigned)ctxt->input->line) + 1; ctxt->input->col = 1; 49 in++; 50 } while (*in == 0xA); 51 goto get_more; 52 @@ -4888,7 +4888,7 @@ get_more: 53 if (*in == 0xA) { 54 ctxt->input->cur = in; 55 in++; 56 - ctxt->input->line++; ctxt->input->col = 1; 57 + ctxt->input->line = ((unsigned)ctxt->input->line) + 1; ctxt->input->col = 1; 58 continue; /* while */ 59 } 60 in--; 61 @@ -5251,7 +5251,7 @@ xmlParseComment(xmlParserCtxtPtr ctxt) { 62 do { 63 if (*in == 0xA) { 64 do { 65 - ctxt->input->line++; ctxt->input->col = 1; 66 + ctxt->input->line = ((unsigned)ctxt->input->line) + 1; ctxt->input->col = 1; 67 in++; 68 } while (*in == 0xA); 69 } 70 @@ -5266,7 +5266,7 @@ get_more: 71 ctxt->input->col = ccol; 72 if (*in == 0xA) { 73 do { 74 - ctxt->input->line++; ctxt->input->col = 1; 75 + ctxt->input->line = ((unsigned)ctxt->input->line) + 1; ctxt->input->col = 1; 76 in++; 77 } while (*in == 0xA); 78 goto get_more; 79 @@ -5311,14 +5311,14 @@ get_more: 80 ctxt->input->cur = in; 81 if (*in == 0xA) { 82 in++; 83 - ctxt->input->line++; ctxt->input->col = 1; 84 + ctxt->input->line = ((unsigned)ctxt->input->line) + 1; ctxt->input->col = 1; 85 } 86 if (*in == 0xD) { 87 in++; 88 if (*in == 0xA) { 89 ctxt->input->cur = in; 90 in++; 91 - ctxt->input->line++; ctxt->input->col = 1; 92 + ctxt->input->line = ((unsigned)ctxt->input->line) + 1; ctxt->input->col = 1; 93 goto get_more; 94 } 95 in--;