From: Rhodri James <rhodri@wildebeest.org.uk>
Date: Sun, 29 Jul 2018 21:36:45 +0000 (+0100)
Subject: Remove senseless pointer arithmetic (issue #170)
X-Git-Tag: R_2_2_6~6^2~2
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=428d69cd42c9994578d6cfd750f97dd3d8c759d5;p=libexpat

Remove senseless pointer arithmetic (issue #170)
---

diff --git a/expat/lib/xmlparse.c b/expat/lib/xmlparse.c
index 448dc9f5..82407f68 100644
--- a/expat/lib/xmlparse.c
+++ b/expat/lib/xmlparse.c
@@ -2089,15 +2089,20 @@ XML_GetBuffer(XML_Parser parser, int len)
         parser->m_bufferPtr = parser->m_buffer + keep;
       }
       else {
-        parser->m_bufferEnd = newBuf + (parser->m_bufferEnd - parser->m_bufferPtr);
+        /* This must be a brand new buffer with no data in it yet */
+        parser->m_bufferEnd = newBuf;
         parser->m_bufferPtr = parser->m_buffer = newBuf;
       }
 #else
       if (parser->m_bufferPtr) {
         memcpy(newBuf, parser->m_bufferPtr, parser->m_bufferEnd - parser->m_bufferPtr);
         FREE(parser, parser->m_buffer);
+        parser->m_bufferEnd = newBuf + (parser->m_bufferEnd - parser->m_bufferPtr);
+      }
+      else {
+        /* This must be a brand new buffer with no data in it yet */
+        parser->m_bufferEnd = newBuf;
       }
-      parser->m_bufferEnd = newBuf + (parser->m_bufferEnd - parser->m_bufferPtr);
       parser->m_bufferPtr = parser->m_buffer = newBuf;
 #endif  /* not defined XML_CONTEXT_BYTES */
     }