Use a prime that fits 32bits on 32bit platforms

Bug reported by Yann Droneaud, thanks!
https://bugzilla.redhat.com/show_bug.cgi?id=1197087#c21

diff --git a/expat/lib/xmlparse.c b/expat/lib/xmlparse.c
index a2744b1cd636ec61acc45dd11e98946237747dcf..c9c7a9b2c7ae0243bad63ddb8c5d992a713db1c1 100644 (file)
--- a/expat/lib/xmlparse.c
+++ b/expat/lib/xmlparse.c
@@ -709,9 +709,16 @@ static unsigned long
 generate_hash_secret_salt(XML_Parser parser)
 {
   /* Process ID is 0 bits entropy if attacker has local access
-   * XML_Parser address is few bits of entropy if attacker has local access
-   * Factor is 2^61-1 (Mersenne prime M61) */
-  return (gather_time_entropy() ^ getpid() ^ (unsigned long)parser) * 2305843009213693951;
+   * XML_Parser address is few bits of entropy if attacker has local access */
+  const unsigned long entropy =
+      gather_time_entropy() ^ getpid() ^ (unsigned long)parser;
+
+  /* Factors are 2^31-1 and 2^61-1 (Mersenne primes M31 and M61) */
+  if (sizeof(unsigned long) == 4) {
+    return entropy * 2147483647;
+  } else {
+    return entropy * 2305843009213693951;
+  }
 }
 
 static XML_Bool  /* only valid for root parser */