I think in lib/xmlparse.c Revision 1.162 on line 2572
an integer overflow may occur on the x86_64 platform, because int < sizeof(void*). size_t should be used there, I think.
In Expat, pointer differences are basically always cast to int.
It is extremely unlikely that this would cause an overflow, as Expat breaks the input buffer into chunks according to boundaries it recognizes, like line-breaks, entity references, tag delimiters, etc.
Also, the input functions allow only int for specifying text lengths.
Technically, it might be possible to construct some input that might cause an overflow, like an element name that is 2^33 characters long.
Not sure if it makes sense to do anything about it, as it would probably require us to change all ints to (64-bit) longs and maybe also break the interface.
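The narrowing discussed in this thread, as an added example that is not part of either post and is not Expat's code: it shows what an `int` cast keeps of a 64-bit pointer difference, next to a range-checked conversion. The helper names are hypothetical, and `int64_t` stands in for `ptrdiff_t` on the assumption of an LP64 platform with a 32-bit `int`.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* int64_t stands in for ptrdiff_t on x86_64 (assumption: LP64, 32-bit int). */

/* Models a plain (int) cast of a 64-bit pointer difference:
   only the low 32 bits survive. */
static int narrow_unchecked(int64_t diff) {
    return (int)(uint32_t)(uint64_t)diff;
}

/* Hypothetical helper: narrow only when the value fits in a non-negative int.
   Returns 1 and stores the length on success, 0 (leaving *out alone) otherwise. */
static int narrow_checked(int64_t diff, int *out) {
    if (diff < 0 || diff > (int64_t)INT_MAX)
        return 0;
    *out = (int)diff;
    return 1;
}

/* Length of [start, end) within one buffer, as the int an int-based API expects. */
static int span_len(const char *start, const char *end, int *out) {
    return narrow_checked((int64_t)(end - start), out);
}

int main(void) {
    /* Constructed value: the 2^33-character name from the thread, plus 5. */
    int64_t huge = ((int64_t)1 << 33) + 5;
    const char sample[] = "<element/>"; /* constructed sample input */
    int len = -1;

    printf("unchecked cast of %lld -> %d\n", (long long)huge, narrow_unchecked(huge));
    printf("checked narrow accepted: %d\n", narrow_checked(huge, &len));
    if (span_len(sample, sample + 9, &len))
        printf("span length: %d\n", len);
    return 0;
}
```

The checked form keeps an `int`-based interface unchanged and turns an oversized span into an error return instead of a small, wrong length.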