xmlparse.c: Fix XML_Size/XML_Index cast mixup

The "MAX = (type)-1" hack only works for unsigned types:
XML_Size is unsigned but XML_Index is not.
As the positive maximum of signed integers is about
half as big as that of their unsigned counterpart,
we divide by 2.

Example for 2 bit integers:
* signed: -2, -1, 0, 1 == 2^1-1
* unsigned: 0, 1, 2, 3 == 2^2-1

Fixing 4be2cb5afcc018d996f34bbbce6374b7befad47f

diff --git a/expat/lib/xmlparse.c b/expat/lib/xmlparse.c
index e96f459598401ade0684e56453f7178495988711..3545579918ffb5d9e0b051c3b163369de2a95eb2 100644 (file)
--- a/expat/lib/xmlparse.c
+++ b/expat/lib/xmlparse.c
@@ -1811,7 +1811,7 @@ XML_Parse(XML_Parser parser, const char *s, int len, int isFinal)
     int nLeftOver;
     enum XML_Status result;
     /* Detect overflow (a+b > MAX <==> b > MAX-a) */
-    if (len > (XML_Index)-1 - parseEndByteIndex) {
+    if (len > ((XML_Size)-1) / 2 - parseEndByteIndex) {
        errorCode = XML_ERROR_NO_MEMORY;
        eventPtr = eventEndPtr = NULL;
        processor = errorProcessor;