|
Lines 11-16
Link Here
|
| 11 |
#include "libxml.h" |
11 |
#include "libxml.h" |
| 12 |
#include <stdlib.h> |
12 |
#include <stdlib.h> |
| 13 |
#include <string.h> |
13 |
#include <string.h> |
|
|
14 |
#include <limits.h> |
| 14 |
#include <libxml/xmlmemory.h> |
15 |
#include <libxml/xmlmemory.h> |
| 15 |
#include <libxml/tree.h> |
16 |
#include <libxml/tree.h> |
| 16 |
#include <libxml/parser.h> |
17 |
#include <libxml/parser.h> |
|
Lines 2455-2463
Link Here
|
| 2455 |
(xmlDictOwns(ctxt->dict, lastChild->content))) { |
2456 |
(xmlDictOwns(ctxt->dict, lastChild->content))) { |
| 2456 |
lastChild->content = xmlStrdup(lastChild->content); |
2457 |
lastChild->content = xmlStrdup(lastChild->content); |
| 2457 |
} |
2458 |
} |
|
|
2459 |
if ((size_t)ctxt->nodelen > SIZE_T_MAX - (size_t)len || |
| 2460 |
(size_t)ctxt->nodemem + (size_t)len > SIZE_T_MAX / 2) { |
| 2461 |
xmlSAX2ErrMemory(ctxt, "xmlSAX2Characters overflow prevented"); |
| 2462 |
return; |
| 2463 |
} |
| 2458 |
if (ctxt->nodelen + len >= ctxt->nodemem) { |
2464 |
if (ctxt->nodelen + len >= ctxt->nodemem) { |
| 2459 |
xmlChar *newbuf; |
2465 |
xmlChar *newbuf; |
| 2460 |
int size; |
2466 |
size_t size; |
| 2461 |
|
2467 |
|
| 2462 |
size = ctxt->nodemem + len; |
2468 |
size = ctxt->nodemem + len; |
| 2463 |
size *= 2; |
2469 |
size *= 2; |
