upgrade expt to 2.1.1 (closes #26556)

2016-06-11 13:28:56 -07:00 · 2016-06-11 13:28:56 -07:00 · 196d7db395
parent 46b32f307c
commit 196d7db395
4 changed files with 27 additions and 7 deletions
--- a/Misc/NEWS
+++ b/Misc/NEWS
@ -19,6 +19,8 @@ Core and Builtins
 Library
 -------
 - Issue #26556: Update expat to 2.1.1, fixes CVE-2015-1283.
 - Fix TLS stripping vulnerability in smptlib, CVE-2016-0772.  Reported by Team
  Oststrom
--- a/Modules/expat/expat.h
+++ b/Modules/expat/expat.h
@ -1040,7 +1040,7 @@ XML_GetFeatureList(void);
 */
 #define XML_MAJOR_VERSION 2
 #define XML_MINOR_VERSION 1
-#define XML_MICRO_VERSION 0
+#define XML_MICRO_VERSION 1
 #ifdef __cplusplus
 }
--- a/Modules/expat/xmlparse.c
+++ b/Modules/expat/xmlparse.c
@ -1550,7 +1550,7 @@ XML_Parse(XML_Parser parser, const char *s, int len, int isFinal)
  else if (bufferPtr == bufferEnd) {
    const char *end;
    int nLeftOver;
-    enum XML_Error result;
+    enum XML_Status result;
    parseEndByteIndex += len;
    positionPtr = s;
    ps_finalBuffer = (XML_Bool)isFinal;
@ -1678,6 +1678,10 @@ XML_ParseBuffer(XML_Parser parser, int len, int isFinal)
 void * XMLCALL
 XML_GetBuffer(XML_Parser parser, int len)
 {
  if (len < 0) {
    errorCode = XML_ERROR_NO_MEMORY;
    return NULL;
  }
  switch (ps_parsing) {
  case XML_SUSPENDED:
    errorCode = XML_ERROR_SUSPENDED;
@ -1689,10 +1693,16 @@ XML_GetBuffer(XML_Parser parser, int len)
  }
  if (len > bufferLim - bufferEnd) {
    /* FIXME avoid integer overflow */
    int neededSize = len + (int)(bufferEnd - bufferPtr);
 #ifdef XML_CONTEXT_BYTES
-    int keep = (int)(bufferPtr - buffer);
+    int keep;
 #endif
    int neededSize = len + (int)(bufferEnd - bufferPtr);
    if (neededSize < 0) {
      errorCode = XML_ERROR_NO_MEMORY;
      return NULL;
    }
 #ifdef XML_CONTEXT_BYTES
    keep = (int)(bufferPtr - buffer);
    if (keep > XML_CONTEXT_BYTES)
      keep = XML_CONTEXT_BYTES;
@ -1719,7 +1729,11 @@ XML_GetBuffer(XML_Parser parser, int len)
        bufferSize = INIT_BUFFER_SIZE;
      do {
        bufferSize *= 2;
-      } while (bufferSize < neededSize);
+      } while (bufferSize < neededSize && bufferSize > 0);
      if (bufferSize <= 0) {
        errorCode = XML_ERROR_NO_MEMORY;
        return NULL;
      }
      newBuf = (char *)MALLOC(bufferSize);
      if (newBuf == 0) {
        errorCode = XML_ERROR_NO_MEMORY;
@ -2911,6 +2925,8 @@ storeAtts(XML_Parser parser, const ENCODING *enc,
        unsigned long uriHash = hash_secret_salt;
        ((XML_Char *)s)[-1] = 0;  /* clear flag */
        id = (ATTRIBUTE_ID *)lookup(parser, &dtd->attributeIds, s, 0);
        if (!id || !id->prefix)
          return XML_ERROR_NO_MEMORY;
        b = id->prefix->binding;
        if (!b)
          return XML_ERROR_UNBOUND_PREFIX;
@ -5475,6 +5491,8 @@ getAttributeId(XML_Parser parser, const ENCODING *enc,
            return NULL;
          id->prefix = (PREFIX *)lookup(parser, &dtd->prefixes, poolStart(&dtd->pool),
                                        sizeof(PREFIX));
          if (!id->prefix)
            return NULL;
          if (id->prefix->name == poolStart(&dtd->pool))
            poolFinish(&dtd->pool);
          else
--- a/Modules/expat/xmltok.c
+++ b/Modules/expat/xmltok.c
@ -1584,7 +1584,7 @@ initScan(const ENCODING * const *encodingTable,
      if (ptr[0] == '\0') {
        /* 0 isn't a legal data character. Furthermore a document
           entity can only start with ASCII characters.  So the only
-           way this can fail to be big-endian UTF-16 is if it is an
+           way this can fail to be big-endian UTF-16 if it it's an
           external parsed general entity that's labelled as
           UTF-16LE.
        */