Hi,
On Mon, Aug 6, 2012 at 3:05 AM, Daniel Veillard <[email protected]> wrote:
> mistake done circa 98-99 IIRC and a bit late to fix ... The problem is
> that those buffers were using int instead of size_t for various size
> leading to a variety of troubles including security ones. How to fix
> that while keeping everything public API and ABI compatible?
One idea (if you're sure consumers are just reading the public
structure and not allocating/writing to it):
    struct xmlExtendedBuffer {
        xmlBuffer compatBuffer;
        size_t realSize;
    };
Then when allocating e.g., an output buffer:
    outputBuffer->buffer = &extendedBuffer->compatBuffer;
and any time you need to get at the extended buffer do:
    extendedBuffer = (xmlExtendedBufferPtr) outputBuffer->buffer;
Any time you need to adjust the size of the buffer, adjust
extendedBuffer->realSize, and then do
    extendedBuffer->compatBuffer.size = (int) extendedBuffer->realSize;
Though, sizeof(size_t) == sizeof(int) on 32-bit arches so I'm a little
unsure how swapping one for the other could fix overflow problems.
--Ray
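
Added example (not part of the original message and not libxml2 code): a self-contained sketch of the embedded-compat-struct pattern proposed above, in which the size_t field is authoritative and the legacy int field is a saturated mirror. LegacyBuf, ExtBuf and the ext_* functions are hypothetical names; it assumes, as the message does, that only the library allocates these buffers.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Stand-in for the frozen public struct (hypothetical, not libxml2's xmlBuffer). */
typedef struct { unsigned char *content; int use; int size; } LegacyBuf;

/* Private extension. The legacy struct is the FIRST member, so the C standard
 * guarantees a pointer to it converts to a pointer to the enclosing struct. */
typedef struct { LegacyBuf compat; size_t realSize; } ExtBuf;

/* Saturate rather than truncate: (int) of a value above INT_MAX is
 * implementation-defined and typically goes negative. */
static int clamp_int(size_t v) { return v > (size_t)INT_MAX ? INT_MAX : (int)v; }

/* Only the library allocates, so every LegacyBuf* it hands out is an ExtBuf. */
LegacyBuf *ext_new(void) {
    ExtBuf *e = calloc(1, sizeof *e);
    return e ? &e->compat : NULL;
}

ExtBuf *ext_from(LegacyBuf *b) { return (ExtBuf *)b; }

/* Grow to at least `need` bytes; 0 on success, -1 on allocation failure. */
int ext_reserve(LegacyBuf *b, size_t need) {
    ExtBuf *e = ext_from(b);
    size_t cap = e->realSize ? e->realSize : 64;
    if (need <= e->realSize) return 0;
    while (cap < need)
        cap = (cap > SIZE_MAX / 2) ? need : cap * 2;  /* no wraparound */
    unsigned char *p = realloc(b->content, cap);
    if (p == NULL) return -1;
    b->content = p;
    e->realSize = cap;          /* authoritative size, used by library code */
    b->size = clamp_int(cap);   /* legacy mirror for old readers */
    return 0;
}

void ext_free(LegacyBuf *b) {
    if (b) { free(b->content); free(ext_from(b)); }
}

int main(void) {
    LegacyBuf *b = ext_new();
    if (b == NULL || ext_reserve(b, 100) != 0) return 1;
    printf("legacy size=%d real size=%zu\n", b->size, ext_from(b)->realSize);
    ext_free(b);
    return 0;
}
```

A caller that allocates its own LegacyBuf (on the stack or with malloc) breaks the cast in ext_from, which is the condition the proposal depends on.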