From 36aca9c31f37aca2e88504406cc4bd72995bbfc2 Mon Sep 17 00:00:00 2001 From: Karl Waclawek Date: Mon, 28 Nov 2005 20:00:50 +0000 Subject: [PATCH] Added a note about possible integer overflow when using large input buffers. --- expat/doc/reference.html | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) diff --git a/expat/doc/reference.html b/expat/doc/reference.html index ebcde6cf..3f3f8d62 100644 --- a/expat/doc/reference.html +++ b/expat/doc/reference.html @@ -984,14 +984,22 @@ dealing with any memory associated with user data.

To state the obvious: the three parsing functions XML_Parse, XML_ParseBuffer and -XML_GetBuffer must not be -called from within a handler unless they operate on a separate parser -instance, that is, one that did not call the handler. For example, it -is OK to call the parsing functions from within an -XML_ExternalEntityRefHandler, if they apply to the parser -created by must not be called from within a handler +unless they operate on a separate parser instance, that is, one that +did not call the handler. For example, it is OK to call the parsing +functions from within an XML_ExternalEntityRefHandler, +if they apply to the parser created by +XML_ExternalEntityParserCreate.

+

Note: the len argument passed to these functions +should be considerably less than the maximum value for an integer, +as it could create an integer overflow situation if the added +lengths of a buffer and the unprocessed portion of the previous buffer +exceed the maximum integer value. Input data at the end of a buffer +will remain unprocessed if it is part of an XML token for which the +end is not part of that buffer.

+
 enum XML_Status XMLCALL
 XML_Parse(XML_Parser p,
-- 
2.40.0
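Review bot: The added Note paragraph ahead of the XML_Parse prototype tells callers that len "should be considerably less than the maximum value for an integer", which is not a bound anyone can check against. The condition the note itself describes is that len plus the length of the unprocessed portion of the previous buffer must not exceed the maximum int value, so state it in that form and recommend feeding input in bounded chunks. The last sentence, about data at the end of a buffer remaining unprocessed when its token is incomplete, is what explains why leftover data exists at all; moving it ahead of the overflow warning would make the reasoning easier to follow. The diffstat shows only reference.html is touched, so the overflow is documented but left for callers to avoid. A follow-up that has the parsing functions reject such a len with an error would be worth opening.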