Diffstat (limited to '3rdParty')
| -rw-r--r-- | 3rdParty/Expat/src/COPYING | 5 | ||||
| -rw-r--r-- | 3rdParty/Expat/src/Changes | 389 | ||||
| -rw-r--r-- | 3rdParty/Expat/src/expat.h | 35 | ||||
| -rw-r--r-- | 3rdParty/Expat/src/expat_external.h | 19 | ||||
| -rw-r--r-- | 3rdParty/Expat/src/internal.h | 22 | ||||
| -rw-r--r-- | 3rdParty/Expat/src/siphash.h | 344 | ||||
| -rw-r--r-- | 3rdParty/Expat/src/winconfig.h | 40 | ||||
| -rw-r--r-- | 3rdParty/Expat/src/xmlparse.c | 734 | ||||
| -rw-r--r-- | 3rdParty/Expat/src/xmlrole.c | 230 | ||||
| -rw-r--r-- | 3rdParty/Expat/src/xmltok.c | 244 | ||||
| -rw-r--r-- | 3rdParty/Expat/src/xmltok.h | 10 | ||||
| -rw-r--r-- | 3rdParty/Expat/src/xmltok_impl.c | 226 | 
12 files changed, 1818 insertions, 480 deletions
| diff --git a/3rdParty/Expat/src/COPYING b/3rdParty/Expat/src/COPYING
index dcb4506..8d288f0 100644
--- a/3rdParty/Expat/src/COPYING
+++ b/3rdParty/Expat/src/COPYING
@@ -1,6 +1,5 @@
-Copyright (c) 1998, 1999, 2000 Thai Open Source Software Center Ltd
-                               and Clark Cooper
-Copyright (c) 2001, 2002, 2003, 2004, 2005, 2006 Expat maintainers.
+Copyright (c) 1998-2000 Thai Open Source Software Center Ltd and Clark Cooper
+Copyright (c) 2001-2017 Expat maintainers
 Permission is hereby granted, free of charge, to any person obtaining
 a copy of this software and associated documentation files (the
diff --git a/3rdParty/Expat/src/Changes b/3rdParty/Expat/src/Changes
new file mode 100644
index 0000000..3054c32
--- /dev/null
+++ b/3rdParty/Expat/src/Changes
@@ -0,0 +1,389 @@ +NOTE: We are looking for help with a few things: +      https://github.com/libexpat/libexpat/labels/help%20wanted +      If you can help, please get in touch.  Thanks! + +Release 2.2.1 Sat June 17 2017 +        Security fixes: +                  CVE-2017-9233 -- External entity infinite loop DoS +                    Details: https://libexpat.github.io/doc/cve-2017-9233/ +                    Commit c4bf96bb51dd2a1b0e185374362ee136fe2c9d7f +   [MOX-002]      CVE-2016-9063 -- Detect integer overflow; commit +                    d4f735b88d9932bd5039df2335eefdd0723dbe20 +                    (Fixed version of existing downstream patches!) +   (SF.net) #539  Fix regression from fix to CVE-2016-0718 cutting off +                    longer tag names; commits +                    * 896b6c1fd3b842f377d1b62135dccf0a579cf65d +                    * af507cef2c93cb8d40062a0abe43a4f4e9158fb2 +             #16    * 0dbbf43fdb20f593ddf4fa1ff67288000dd4a7fd +             #25  More integer overflow detection (function poolGrow); commits +                    * 810b74e4703dcfdd8f404e3cb177d44684775143 +                    * 44178553f3539ce69d34abee77a05e879a7982ac +   [MOX-002]      Detect overflow from len=INT_MAX call to XML_Parse; commits +                    * 4be2cb5afcc018d996f34bbbce6374b7befad47f +                    * 7e5b71b748491b6e459e5c9a1d090820f94544d8 +   [MOX-005] #30  Use high quality entropy for hash initialization: +                    * arc4random_buf on BSD, systems with libbsd +                      (when configured with --with-libbsd), CloudABI +                    * RtlGenRandom on Windows XP / Server 2003 and later +                    * getrandom on Linux 3.17+ +                    In a way, that's still part of CVE-2016-5300. 
+                    https://github.com/libexpat/libexpat/pull/30/commits +   [MOX-005]      For the low quality entropy extraction fallback code, +                    the parser instance address can no longer leak, commit +                    04ad658bd3079dd15cb60fc67087900f0ff4b083 +   [MOX-003]      Prevent use of uninitialised variable; commit +   [MOX-004]        a4dc944f37b664a3ca7199c624a98ee37babdb4b +                  Add missing parameter validation to public API functions +                    and dedicated error code XML_ERROR_INVALID_ARGUMENT: +   [MOX-006]        * NULL checks; commits +                      * d37f74b2b7149a3a95a680c4c4cd2a451a51d60a (merge/many) +                      * 9ed727064b675b7180c98cb3d4f75efba6966681 +                      * 6a747c837c50114dfa413994e07c0ba477be4534 +                    * Negative length (XML_Parse); commit +   [MOX-002]          70db8d2538a10f4c022655d6895e4c3e78692e7f +   [MOX-001] #35  Change hash algorithm to William Ahern's version of SipHash +                    to go further with fixing CVE-2012-0876. +                    https://github.com/libexpat/libexpat/pull/39/commits + +        Bug fixes: +             #32  Fix sharing of hash salt across parsers; +                    relevant where XML_ExternalEntityParserCreate is called +                    prior to XML_Parse, in particular (e.g. 
FBReader) +             #28  xmlwf: Auto-disable use of memory-mapping (and parsing +                    as a single chunk) for files larger than ~1 GB (2^30 bytes) +                    rather than failing with error "out of memory" +              #3  Fix double free after malloc failure in DTD code; commit +                    7ae9c3d3af433cd4defe95234eae7dc8ed15637f +             #17  Fix memory leak on parser error for unbound XML attribute +                    prefix with new namespaces defined in the same tag; +                    found by Google's OSS-Fuzz; commits +                    * 16f87daae5a16132e479e4f71862128c7a915c73 +                    * b47dbc9745932c160893d433220e462bd605f8cd +                  xmlwf on Windows: Add missing calls to CloseHandle + +        New features: +             #30  Introduced environment switch EXPAT_ENTROPY_DEBUG=1 +                    for runtime debugging of entropy extraction + +        Other changes: +                  Increase code coverage +             #33  Reject use of XML_UNICODE_WCHAR_T with sizeof(wchar_t) != 2; +                    XML_UNICODE_WCHAR_T was never meant to be used outside +                    of Windows; 4-byte wchar_t is common on Linux +   (SF.net) #538  Start using -fno-strict-aliasing +   (SF.net) #540  Support compilation against cloudlibc of CloudABI +                  Allow MinGW cross-compilation +   (SF.net) #534  CMake: Introduce option "BUILD_doc" (enabled by default) +                    to bypass compilation of the xmlwf.1 man page +   (SF.net)  pr2  CMake: Introduce option "INSTALL" (enabled by default) +                    to bypass installation of expat files +                  CMake: Fix ninja support +                  Autotools: Add parameters --enable-xml-context [COUNT] +                    and --disable-xml-context; default of context of 1024 +                    bytes enabled unchanged +             #14  Drop AmigaOS 4.x code and includes +             #14  Drop ancient 
build systems: +                    * Borland C++ Builder +                    * OpenVMS +                    * Open Watcom +                    * Visual Studio 6.0 +                    * Pre-X Mac OS (MPW Makefile) +                    If you happen to rely on some of these, please get in +                    touch for joining with maintenance. +             #10  Move from WIN32 to _WIN32 +             #13  Fix "make run-xmltest" order instability +                  Address compile warnings +                  Bump version info from 7:2:6 to 7:3:6 +                  Add AUTHORS file + +        Infrastructure: +              #1  Migrate from SourceForge to GitHub (except downloads): +                    https://github.com/libexpat/ +              #1  Re-create http://libexpat.org/ project website +                  Start utilizing Travis CI + +        Special thanks to: +            Andy Wang +            Don Lewis +            Ed Schouten +            Karl Waclawek +            Pascal Cuoq +            Rhodri James +            Sergei Nikulov +            Tobias Taschner +            Viktor Szakats +                 and +            Core Infrastructure Initiative +            Mozilla Foundation (MOSS Track 3: Secure Open Source) +            Radically Open Security + +Release 2.2.0 Tue June 21 2016 +        Security fixes: +            #537  CVE-2016-0718 -- Fix crash on malformed input +                  CVE-2016-4472 -- Improve insufficient fix to CVE-2015-1283 / +                                   CVE-2015-2716 introduced with Expat 2.1.1 +            #499  CVE-2016-5300 -- Use more entropy for hash initialization +                                   than the original fix to CVE-2012-0876 +            #519  CVE-2012-6702 -- Resolve troublesome internal call to srand +                                   that was introduced with Expat 2.1.0 +                                   when addressing CVE-2012-0876 (issue #496) + +        Bug fixes: +                  Fix 
uninitialized reads of size 1 +                    (e.g. in little2_updatePosition) +                  Fix detection of UTF-8 character boundaries + +        Other changes: +            #532  Fix compilation for Visual Studio 2010 (keyword "C99") +                  Autotools: Resolve use of "$<" to better support bmake +                  Autotools: Add QA script "qa.sh" (and make target "qa") +                  Autotools: Respect CXXFLAGS if given +                  Autotools: Fix "make run-xmltest" +                  Autotools: Have "make run-xmltest" check for expected output +             p90  CMake: Fix static build (BUILD_shared=OFF) on Windows +            #536  CMake: Add soversion, support -DNO_SONAME=yes to bypass +            #323  CMake: Add suffix "d" to differentiate debug from release +                  CMake: Define WIN32 with CMake on Windows +                  Annotate memory allocators for GCC +                  Address all currently known compile warnings +                  Make sure that API symbols remain visible despite +                    -fvisibility=hidden +                  Remove executable flag from source files +                  Resolve COMPILED_FROM_DSP in favor of WIN32 + +        Special thanks to: +            Björn Lindahl +            Christian Heimes +            Cristian Rodríguez +            Daniel Krügler +            Gustavo Grieco +            Karl Waclawek +            László Böszörményi +            Marco Grassi +            Pascal Cuoq +            Sergei Nikulov +            Thomas Beutlich +            Warren Young +            Yann Droneaud + +Release 2.1.1 Sat March 12 2016 +        Security fixes: +            #582: CVE-2015-1283 - Multiple integer overflows in XML_GetBuffer + +        Bug fixes: +            #502: Fix potential null pointer dereference +            #520: Symbol XML_SetHashSalt was not exported +            Output of "xmlwf -h" was incomplete + +        Other changes: +            #503: Document 
behavior of calling XML_SetHashSalt with salt 0 +            Minor improvements to man page xmlwf(1) +            Improvements to the experimental CMake build system +            libtool now invoked with --verbose + +Release 2.1.0 Sat March 24 2012 +        - Security fixes: +          #2958794: CVE-2012-1148 - Memory leak in poolGrow. +          #2895533: CVE-2012-1147 - Resource leak in readfilemap.c. +          #3496608: CVE-2012-0876 - Hash DOS attack. +          #2894085: CVE-2009-3560 - Buffer over-read and crash in big2_toUtf8(). +          #1990430: CVE-2009-3720 - Parser crash with special UTF-8 sequences. +        - Bug Fixes: +          #1742315: Harmful XML_ParserCreateNS suggestion. +          #1785430: Expat build fails on linux-amd64 with gcc version>=4.1 -O3. +          #1983953, 2517952, 2517962, 2649838:  +                Build modifications using autoreconf instead of buildconf.sh. +          #2815947, #2884086: OBJEXT and EXEEXT support while building. +          #2517938: xmlwf should return non-zero exit status if not well-formed. +          #2517946: Wrong statement about XMLDecl in xmlwf.1 and xmlwf.sgml. +          #2855609: Dangling positionPtr after error. +          #2990652: CMake support. +          #3010819: UNEXPECTED_STATE with a trailing "%" in entity value. +          #3206497: Unitialized memory returned from XML_Parse. +          #3287849: make check fails on mingw-w64. +        - Patches: +          #1749198: pkg-config support. +          #3010222: Fix for bug #3010819. +          #3312568: CMake support. +          #3446384: Report byte offsets for attr names and values. +        - New Features / API changes: +          Added new API member XML_SetHashSalt() that allows setting an initial +                value (salt) for hash calculations. This is part of the fix for +                bug #3496608 to randomize hash parameters. 
+          When compiled with XML_ATTR_INFO defined, adds new API member +                XML_GetAttributeInfo() that allows retrieving the byte +                offsets for attribute names and values (patch #3446384). +          Added CMake build system. +                See bug #2990652 and patch #3312568. +          Added run-benchmark target to Makefile.in - relies on testdata module +                present in the same relative location as in the repository. +           +Release 2.0.1 Tue June 5 2007 +        - Fixed bugs #1515266, #1515600: The character data handler's calling +          of XML_StopParser() was not handled properly; if the parser was +          stopped and the handler set to NULL, the parser would segfault. +        - Fixed bug #1690883: Expat failed on EBCDIC systems as it assumed +          some character constants to be ASCII encoded. +        - Minor cleanups of the test harness. +        - Fixed xmlwf bug #1513566: "out of memory" error on file size zero. +        - Fixed outline.c bug #1543233: missing a final XML_ParserFree() call. +        - Fixes and improvements for Windows platform: +          bugs #1409451, #1476160, #1548182, #1602769, #1717322. +        - Build fixes for various platforms: +          HP-UX, Tru64, Solaris 9: patch #1437840, bug #1196180. +          All Unix: #1554618 (refreshed config.sub/config.guess). +                    #1490371, #1613457: support both, DESTDIR and INSTALL_ROOT, +                    without relying on GNU-Make specific features. +          #1647805: Patched configure.in to work better with Intel compiler. +        - Fixes to Makefile.in to have make check work correctly: +          bugs #1408143, #1535603, #1536684. +        - Added Open Watcom support: patch #1523242. + +Release 2.0.0 Wed Jan 11 2006 +        - We no longer use the "check" library for C unit testing; we +          always use the (partial) internal implementation of the API. 
+        - Report XML_NS setting via XML_GetFeatureList(). +        - Fixed headers for use from C++. +        - XML_GetCurrentLineNumber() and  XML_GetCurrentColumnNumber() +          now return unsigned integers. +        - Added XML_LARGE_SIZE switch to enable 64-bit integers for +          byte indexes and line/column numbers. +        - Updated to use libtool 1.5.22 (the most recent). +        - Added support for AmigaOS. +        - Some mostly minor bug fixes. SF issues include: #1006708, +          #1021776, #1023646, #1114960, #1156398, #1221160, #1271642. + +Release 1.95.8 Fri Jul 23 2004 +        - Major new feature: suspend/resume.  Handlers can now request +          that a parse be suspended for later resumption or aborted +          altogether.  See "Temporarily Stopping Parsing" in the +          documentation for more details. +        - Some mostly minor bug fixes, but compilation should no +          longer generate warnings on most platforms.  SF issues +          include: #827319, #840173, #846309, #888329, #896188, #923913, +          #928113, #961698, #985192. + +Release 1.95.7 Mon Oct 20 2003 +        - Fixed enum XML_Status issue (reported on SourceForge many +          times), so compilers that are properly picky will be happy. +        - Introduced an XMLCALL macro to control the calling +          convention used by the Expat API; this macro should be used +          to annotate prototypes and definitions of callback +          implementations in code compiled with a calling convention +          other than the default convention for the host platform. +        - Improved ability to build without the configure-generated +          expat_config.h header.  This is useful for applications +          which embed Expat rather than linking in the library. +        - Fixed a variety of bugs: see SF issues #458907, #609603, +          #676844, #679754, #692878, #692964, #695401, #699323, #699487, +          #820946. 
+        - Improved hash table lookups. +        - Added more regression tests and improved documentation. + +Release 1.95.6 Tue Jan 28 2003 +        - Added XML_FreeContentModel(). +        - Added XML_MemMalloc(), XML_MemRealloc(), XML_MemFree(). +        - Fixed a variety of bugs: see SF issues #615606, #616863, +          #618199, #653180, #673791. +        - Enhanced the regression test suite. +        - Man page improvements: includes SF issue #632146. + +Release 1.95.5 Fri Sep 6 2002 +        - Added XML_UseForeignDTD() for improved SAX2 support. +        - Added XML_GetFeatureList(). +        - Defined XML_Bool type and the values XML_TRUE and XML_FALSE. +        - Use an incomplete struct instead of a void* for the parser +          (may not retain). +        - Fixed UTF-8 decoding bug that caused legal UTF-8 to be rejected. +        - Finally fixed bug where default handler would report DTD +          events that were already handled by another handler. +          Initial patch contributed by Darryl Miles. +        - Removed unnecessary DllMain() function that caused static +          linking into a DLL to be difficult. +        - Added VC++ projects for building static libraries. +        - Reduced line-length for all source code and headers to be +          no longer than 80 characters, to help with AS/400 support. +        - Reduced memory copying during parsing (SF patch #600964). +        - Fixed a variety of bugs: see SF issues #580793, #434664, +          #483514, #580503, #581069, #584041, #584183, #584832, #585537, +          #596555, #596678, #598352, #598944, #599715, #600479, #600971. + +Release 1.95.4 Fri Jul 12 2002 +        - Added support for VMS, contributed by Craig Berry.  See +          vms/README.vms for more information. +        - Added Mac OS (classic) support, with a makefile for MPW, +          contributed by Thomas Wegner and Daryle Walker. 
+        - Added Borland C++ Builder 5 / BCC 5.5 support, contributed +          by Patrick McConnell (SF patch #538032). +        - Fixed a variety of bugs: see SF issues #441449, #563184, +          #564342, #566334, #566901, #569461, #570263, #575168, #579196. +        - Made skippedEntityHandler conform to SAX2 (see source comment) +        - Re-implemented WFC: Entity Declared from XML 1.0 spec and +          added a new error "entity declared in parameter entity": +          see SF bug report #569461 and SF patch #578161 +        - Re-implemented section 5.1 from XML 1.0 spec: +          see SF bug report #570263 and SF patch #578161 + +Release 1.95.3 Mon Jun 3 2002 +        - Added a project to the MSVC workspace to create a wchar_t +          version of the library; the DLLs are named libexpatw.dll. +        - Changed the name of the Windows DLLs from expat.dll to +          libexpat.dll; this fixes SF bug #432456. +        - Added the XML_ParserReset() API function. +        - Fixed XML_SetReturnNSTriplet() to work for element names. +        - Made the XML_UNICODE builds usable (thanks, Karl!). +        - Allow xmlwf to read from standard input. +        - Install a man page for xmlwf on Unix systems. +        - Fixed many bugs; see SF bug reports #231864, #461380, #464837, +          #466885, #469226, #477667, #484419, #487840, #494749, #496505, +          #547350.  Other bugs which we can't test as easily may also +          have been fixed, especially in the area of build support. + +Release 1.95.2 Fri Jul 27 2001 +        - More changes to make MSVC happy with the build; add a single +          workspace to support both the library and xmlwf application. +        - Added a Windows installer for Windows users; includes +          xmlwf.exe. +        - Added compile-time constants that can be used to determine the +          Expat version +        - Removed a lot of GNU-specific dependencies to aide portability +          among the various Unix flavors. 
+        - Fix the UTF-8 BOM bug. +        - Cleaned up warning messages for several compilers. +        - Added the -Wall, -Wstrict-prototypes options for GCC. + +Release 1.95.1 Sun Oct 22 15:11:36 EDT 2000 +        - Changes to get expat to build under Microsoft compiler +        - Removed all aborts and instead return an UNEXPECTED_STATE error. +        - Fixed a bug where a stray '%' in an entity value would cause an +          abort. +        - Defined XML_SetEndNamespaceDeclHandler. Thanks to Darryl Miles for +          finding this oversight. +        - Changed default patterns in lib/Makefile.in to fit non-GNU makes +          Thanks to robin@unrated.net for reporting and providing an +          account to test on. +        - The reference had the wrong label for XML_SetStartNamespaceDecl. +          Reported by an anonymous user. + +Release 1.95.0 Fri Sep 29 2000 +        - XML_ParserCreate_MM +                Allows you to set a memory management suite to replace the +                standard malloc,realloc, and free. +        - XML_SetReturnNSTriplet +                If you turn this feature on when namespace processing is in +                effect, then qualified, prefixed element and attribute names +                are returned as "uri|name|prefix" where '|' is whatever +                separator character is used in namespace processing. +        - Merged in features from perl-expat +                o XML_SetElementDeclHandler +                o XML_SetAttlistDeclHandler +                o XML_SetXmlDeclHandler +                o XML_SetEntityDeclHandler +                o StartDoctypeDeclHandler takes 3 additional parameters: +                        sysid, pubid, has_internal_subset +                o Many paired handler setters (like XML_SetElementHandler) +                  now have corresponding individual handler setters +                o XML_GetInputContext for getting the input context of +                  the current parse position. 
+        - Added reference material
+        - Packaged into a distribution that builds a sharable library
diff --git a/3rdParty/Expat/src/expat.h b/3rdParty/Expat/src/expat.h
index 9a21680..28b0f95 100644
--- a/3rdParty/Expat/src/expat.h
+++ b/3rdParty/Expat/src/expat.h
@@ -95,7 +95,9 @@ enum XML_Error {
   /* Added in 2.0. */
   XML_ERROR_RESERVED_PREFIX_XML,
   XML_ERROR_RESERVED_PREFIX_XMLNS,
-  XML_ERROR_RESERVED_NAMESPACE_URI
+  XML_ERROR_RESERVED_NAMESPACE_URI,
+  /* Added in 2.2.1. */
+  XML_ERROR_INVALID_ARGUMENT
 };
 enum XML_Content_Type {
@@ -342,7 +344,7 @@ XML_SetEntityDeclHandler(XML_Parser parser,
                          XML_EntityDeclHandler handler);
 /* OBSOLETE -- OBSOLETE -- OBSOLETE
-   This handler has been superceded by the EntityDeclHandler above.
+   This handler has been superseded by the EntityDeclHandler above.
    It is provided here for backward compatibility.
    This is called for a declaration of an unparsed (NDATA) entity.
@@ -706,6 +708,7 @@ XML_UseParserAsHandlerArg(XML_Parser parser);
      be called, despite an external subset being parsed.
    Note: If XML_DTD is not defined when Expat is compiled, returns
      XML_ERROR_FEATURE_REQUIRES_XML_DTD.
+   Note: If parser == NULL, returns XML_ERROR_INVALID_ARGUMENT.
 */
 XMLPARSEAPI(enum XML_Error)
 XML_UseForeignDTD(XML_Parser parser, XML_Bool useDTD);
@@ -729,15 +732,16 @@ XML_GetBase(XML_Parser parser);
    to the XML_StartElementHandler that were specified in the start-tag
    rather than defaulted. Each attribute/value pair counts as 2; thus
    this correspondds to an index into the atts array passed to the
-   XML_StartElementHandler.
+   XML_StartElementHandler.  Returns -1 if parser == NULL.
 */
 XMLPARSEAPI(int)
 XML_GetSpecifiedAttributeCount(XML_Parser parser);
 /* Returns the index of the ID attribute passed in the last call to
-   XML_StartElementHandler, or -1 if there is no ID attribute.  Each
-   attribute/value pair counts as 2; thus this correspondds to an
-   index into the atts array passed to the XML_StartElementHandler.
+   XML_StartElementHandler, or -1 if there is no ID attribute or
+   parser == NULL.  Each attribute/value pair counts as 2; thus this
+   correspondds to an index into the atts array passed to the
+   XML_StartElementHandler.
 */
 XMLPARSEAPI(int)
 XML_GetIdAttributeIndex(XML_Parser parser);
@@ -901,6 +905,7 @@ enum XML_ParamEntityParsing {
    entities is requested; otherwise it will return non-zero.
    Note: If XML_SetParamEntityParsing is called after XML_Parse or
       XML_ParseBuffer, then it has no effect and will always return 0.
+   Note: If parser == NULL, the function will do nothing and return 0.
 */
 XMLPARSEAPI(int)
 XML_SetParamEntityParsing(XML_Parser parser,
@@ -910,6 +915,7 @@ XML_SetParamEntityParsing(XML_Parser parser,
    Helps in preventing DoS attacks based on predicting hash
    function behavior. This must be called before parsing is started.
    Returns 1 if successful, 0 when called after parsing has started.
+   Note: If parser == NULL, the function will do nothing and return 0.
 */
 XMLPARSEAPI(int)
 XML_SetHashSalt(XML_Parser parser,
@@ -936,6 +942,10 @@ XML_GetErrorCode(XML_Parser parser);
    the location is the location of the character at which the error
    was detected; otherwise the location is the location of the last
    parse event, as described above.
+
+   Note: XML_GetCurrentLineNumber and XML_GetCurrentColumnNumber
+   return 0 to indicate an error.
+   Note: XML_GetCurrentByteIndex returns -1 to indicate an error.
 */
 XMLPARSEAPI(XML_Size) XML_GetCurrentLineNumber(XML_Parser parser);
 XMLPARSEAPI(XML_Size) XML_GetCurrentColumnNumber(XML_Parser parser);
@@ -973,9 +983,12 @@ XML_FreeContentModel(XML_Parser parser, XML_Content *model);
 /* Exposing the memory handling functions used in Expat */
 XMLPARSEAPI(void *)
+XML_ATTR_MALLOC
+XML_ATTR_ALLOC_SIZE(2)
 XML_MemMalloc(XML_Parser parser, size_t size);
 XMLPARSEAPI(void *)
+XML_ATTR_ALLOC_SIZE(3)
 XML_MemRealloc(XML_Parser parser, void *ptr, size_t size);
 XMLPARSEAPI(void)
@@ -1031,14 +1044,12 @@ XMLPARSEAPI(const XML_Feature *)
 XML_GetFeatureList(void);
-/* Expat follows the GNU/Linux convention of odd number minor version for
-   beta/development releases and even number minor version for stable
-   releases. Micro is bumped with each release, and set to 0 with each
-   change to major or minor version.
+/* Expat follows the semantic versioning convention.
+   See http://semver.org.
 */
 #define XML_MAJOR_VERSION 2
-#define XML_MINOR_VERSION 1
-#define XML_MICRO_VERSION 0
+#define XML_MINOR_VERSION 2
+#define XML_MICRO_VERSION 1
 #ifdef __cplusplus
 }
diff --git a/3rdParty/Expat/src/expat_external.h b/3rdParty/Expat/src/expat_external.h
index 2c03284..892eb4b 100644
--- a/3rdParty/Expat/src/expat_external.h
+++ b/3rdParty/Expat/src/expat_external.h
@@ -65,12 +65,26 @@  #endif  #endif  /* not defined XML_STATIC */ +#if !defined(XMLIMPORT) && defined(__GNUC__) && (__GNUC__ >= 4) +#define XMLIMPORT __attribute__ ((visibility ("default"))) +#endif  /* If we didn't define it above, define it away: */  #ifndef XMLIMPORT  #define XMLIMPORT  #endif +#if defined(__GNUC__) && (__GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 96)) +#define XML_ATTR_MALLOC __attribute__((__malloc__)) +#else +#define XML_ATTR_MALLOC +#endif + +#if defined(__GNUC__) && ((__GNUC__ > 4) || (__GNUC__ == 4 && __GNUC_MINOR__ >= 3)) +#define XML_ATTR_ALLOC_SIZE(x)  __attribute__((__alloc_size__(x))) +#else +#define XML_ATTR_ALLOC_SIZE(x) +#endif  #define XMLPARSEAPI(type) XMLIMPORT type XMLCALL @@ -79,7 +93,10 @@ extern "C" {  #endif  #ifdef XML_UNICODE_WCHAR_T -#define XML_UNICODE +# define XML_UNICODE +# if defined(__SIZEOF_WCHAR_T__) && (__SIZEOF_WCHAR_T__ != 2) +#  error "sizeof(wchar_t) != 2; Need -fshort-wchar for both Expat and libc" +# endif  #endif  #ifdef XML_UNICODE     /* Information is UTF-16 encoded. */ diff --git a/3rdParty/Expat/src/internal.h b/3rdParty/Expat/src/internal.h index dd54548..94cb98e 100644 --- a/3rdParty/Expat/src/internal.h +++ b/3rdParty/Expat/src/internal.h @@ -71,3 +71,25 @@  #define inline  #endif  #endif + +#ifndef UNUSED_P +# ifdef __GNUC__ +#  define UNUSED_P(p) UNUSED_ ## p __attribute__((__unused__)) +# else +#  define UNUSED_P(p) UNUSED_ ## p +# endif +#endif + + +#ifdef __cplusplus +extern "C" { +#endif + + +void +align_limit_to_full_utf8_characters(const char * from, const char ** fromLimRef); + + +#ifdef __cplusplus +} +#endif diff --git a/3rdParty/Expat/src/siphash.h b/3rdParty/Expat/src/siphash.h new file mode 100644 index 0000000..23b56d2 --- /dev/null +++ b/3rdParty/Expat/src/siphash.h 
@@ -0,0 +1,344 @@ +/* ========================================================================== + * siphash.h - SipHash-2-4 in a single header file + * -------------------------------------------------------------------------- + * Derived by William Ahern from the reference implementation[1] published[2] + * by Jean-Philippe Aumasson and Daniel J. Berstein. Licensed in kind. + * by Jean-Philippe Aumasson and Daniel J. Berstein. + * Minimal changes by Sebastian Pipping on top, details below. + * Licensed under the CC0 Public Domain Dedication license. + * + * 1. https://www.131002.net/siphash/siphash24.c + * 2. https://www.131002.net/siphash/ + * -------------------------------------------------------------------------- + * HISTORY: + * + * 2017-06-10  (Sebastian Pipping) + *   - Clarify license note in the header + *   - Address C89 issues: + *     - Stop using inline keyword (and let compiler decide) + *     - Turn integer suffix ULL to UL + *     - Replace _Bool by int + *     - Turn macro siphash24 into a function + *     - Address invalid conversion (void pointer) by explicit cast + *   - Always expose sip24_valid (for self-tests) + * + * 2012-11-04 - Born.  (William Ahern) + * -------------------------------------------------------------------------- + * USAGE: + * + * SipHash-2-4 takes as input two 64-bit words as the key, some number of + * message bytes, and outputs a 64-bit word as the message digest. This + * implementation employs two data structures: a struct sipkey for + * representing the key, and a struct siphash for representing the hash + * state. + * + * For converting a 16-byte unsigned char array to a key, use either the + * macro sip_keyof or the routine sip_tokey. The former instantiates a + * compound literal key, while the latter requires a key object as a + * parameter. 
+ * + * 	unsigned char secret[16]; + * 	arc4random_buf(secret, sizeof secret); + * 	struct sipkey *key = sip_keyof(secret); + * + * For hashing a message, use either the convenience macro siphash24 or the + * routines sip24_init, sip24_update, and sip24_final. + * + * 	struct siphash state; + * 	void *msg; + * 	size_t len; + * 	uint64_t hash; + * + * 	sip24_init(&state, key); + * 	sip24_update(&state, msg, len); + * 	hash = sip24_final(&state); + * + * or + * + * 	hash = siphash24(msg, len, key); + * + * To convert the 64-bit hash value to a canonical 8-byte little-endian + * binary representation, use either the macro sip_binof or the routine + * sip_tobin. The former instantiates and returns a compound literal array, + * while the latter requires an array object as a parameter. + * -------------------------------------------------------------------------- + * NOTES: + * + * o Neither sip_keyof, sip_binof, nor siphash24 will work with compilers + *   lacking compound literal support. Instead, you must use the lower-level + *   interfaces which take as parameters the temporary state objects. + * + * o Uppercase macros may evaluate parameters more than once. Lowercase + *   macros should not exhibit any such side effects. 
+ * ========================================================================== + */ +#ifndef SIPHASH_H +#define SIPHASH_H + +#include <stddef.h> /* size_t */ +#include <stdint.h> /* uint64_t uint32_t uint8_t */ + + +#define SIP_ROTL(x, b) (uint64_t)(((x) << (b)) | ( (x) >> (64 - (b)))) + +#define SIP_U32TO8_LE(p, v) \ +	(p)[0] = (uint8_t)((v) >>  0); (p)[1] = (uint8_t)((v) >>  8); \ +	(p)[2] = (uint8_t)((v) >> 16); (p)[3] = (uint8_t)((v) >> 24); + +#define SIP_U64TO8_LE(p, v) \ +	SIP_U32TO8_LE((p) + 0, (uint32_t)((v) >>  0)); \ +	SIP_U32TO8_LE((p) + 4, (uint32_t)((v) >> 32)); + +#define SIP_U8TO64_LE(p) \ +	(((uint64_t)((p)[0]) <<  0) | \ +	 ((uint64_t)((p)[1]) <<  8) | \ +	 ((uint64_t)((p)[2]) << 16) | \ +	 ((uint64_t)((p)[3]) << 24) | \ +	 ((uint64_t)((p)[4]) << 32) | \ +	 ((uint64_t)((p)[5]) << 40) | \ +	 ((uint64_t)((p)[6]) << 48) | \ +	 ((uint64_t)((p)[7]) << 56)) + + +#define SIPHASH_INITIALIZER { 0, 0, 0, 0, { 0 }, 0, 0 } + +struct siphash { +	uint64_t v0, v1, v2, v3; + +	unsigned char buf[8], *p; +	uint64_t c; +}; /* struct siphash */ + + +#define SIP_KEYLEN 16 + +struct sipkey { +	uint64_t k[2]; +}; /* struct sipkey */ + +#define sip_keyof(k) sip_tokey(&(struct sipkey){ { 0 } }, (k)) + +static struct sipkey *sip_tokey(struct sipkey *key, const void *src) { +	key->k[0] = SIP_U8TO64_LE((const unsigned char *)src); +	key->k[1] = SIP_U8TO64_LE((const unsigned char *)src + 8); +	return key; +} /* sip_tokey() */ + + +#define sip_binof(v) sip_tobin((unsigned char[8]){ 0 }, (v)) + +static void *sip_tobin(void *dst, uint64_t u64) { +	SIP_U64TO8_LE((unsigned char *)dst, u64); +	return dst; +} /* sip_tobin() */ + + +static void sip_round(struct siphash *H, const int rounds) { +	int i; + +	for (i = 0; i < rounds; i++) { +		H->v0 += H->v1; +		H->v1 = SIP_ROTL(H->v1, 13); +		H->v1 ^= H->v0; +		H->v0 = SIP_ROTL(H->v0, 32); + +		H->v2 += H->v3; +		H->v3 = SIP_ROTL(H->v3, 16); +		H->v3 ^= H->v2; + +		H->v0 += H->v3; +		H->v3 = SIP_ROTL(H->v3, 21); +		H->v3 ^= H->v0; + +		
H->v2 += H->v1; +		H->v1 = SIP_ROTL(H->v1, 17); +		H->v1 ^= H->v2; +		H->v2 = SIP_ROTL(H->v2, 32); +	} +} /* sip_round() */ + + +static struct siphash *sip24_init(struct siphash *H, const struct sipkey *key) { +	H->v0 = 0x736f6d6570736575UL ^ key->k[0]; +	H->v1 = 0x646f72616e646f6dUL ^ key->k[1]; +	H->v2 = 0x6c7967656e657261UL ^ key->k[0]; +	H->v3 = 0x7465646279746573UL ^ key->k[1]; + +	H->p = H->buf; +	H->c = 0; + +	return H; +} /* sip24_init() */ + + +#define sip_endof(a) (&(a)[sizeof (a) / sizeof *(a)]) + +static struct siphash *sip24_update(struct siphash *H, const void *src, size_t len) { +	const unsigned char *p = (const unsigned char *)src, *pe = p + len; +	uint64_t m; + +	do { +		while (p < pe && H->p < sip_endof(H->buf)) +			*H->p++ = *p++; + +		if (H->p < sip_endof(H->buf)) +			break; + +		m = SIP_U8TO64_LE(H->buf); +		H->v3 ^= m; +		sip_round(H, 2); +		H->v0 ^= m; + +		H->p = H->buf; +		H->c += 8; +	} while (p < pe); + +	return H; +} /* sip24_update() */ + + +static uint64_t sip24_final(struct siphash *H) { +	char left = H->p - H->buf; +	uint64_t b = (H->c + left) << 56; + +	switch (left) { +	case 7: b |= (uint64_t)H->buf[6] << 48; +	case 6: b |= (uint64_t)H->buf[5] << 40; +	case 5: b |= (uint64_t)H->buf[4] << 32; +	case 4: b |= (uint64_t)H->buf[3] << 24; +	case 3: b |= (uint64_t)H->buf[2] << 16; +	case 2: b |= (uint64_t)H->buf[1] << 8; +	case 1: b |= (uint64_t)H->buf[0] << 0; +	case 0: break; +	} + +	H->v3 ^= b; +	sip_round(H, 2); +	H->v0 ^= b; +	H->v2 ^= 0xff; +	sip_round(H, 4); + +	return H->v0 ^ H->v1 ^ H->v2  ^ H->v3; +} /* sip24_final() */ + + +static uint64_t siphash24(const void *src, size_t len, const struct sipkey *key) { +	struct siphash state = SIPHASH_INITIALIZER; +	return sip24_final(sip24_update(sip24_init(&state, key), src, len)); +} /* siphash24() */ + + +/* + * SipHash-2-4 output with + * k = 00 01 02 ... + * and + * in = (empty string) + * in = 00 (1 byte) + * in = 00 01 (2 bytes) + * in = 00 01 02 (3 bytes) + * ... 
+ * in = 00 01 02 ... 3e (63 bytes) + */ +static int sip24_valid(void) { +	static const unsigned char vectors[64][8] = { +		{ 0x31, 0x0e, 0x0e, 0xdd, 0x47, 0xdb, 0x6f, 0x72, }, +		{ 0xfd, 0x67, 0xdc, 0x93, 0xc5, 0x39, 0xf8, 0x74, }, +		{ 0x5a, 0x4f, 0xa9, 0xd9, 0x09, 0x80, 0x6c, 0x0d, }, +		{ 0x2d, 0x7e, 0xfb, 0xd7, 0x96, 0x66, 0x67, 0x85, }, +		{ 0xb7, 0x87, 0x71, 0x27, 0xe0, 0x94, 0x27, 0xcf, }, +		{ 0x8d, 0xa6, 0x99, 0xcd, 0x64, 0x55, 0x76, 0x18, }, +		{ 0xce, 0xe3, 0xfe, 0x58, 0x6e, 0x46, 0xc9, 0xcb, }, +		{ 0x37, 0xd1, 0x01, 0x8b, 0xf5, 0x00, 0x02, 0xab, }, +		{ 0x62, 0x24, 0x93, 0x9a, 0x79, 0xf5, 0xf5, 0x93, }, +		{ 0xb0, 0xe4, 0xa9, 0x0b, 0xdf, 0x82, 0x00, 0x9e, }, +		{ 0xf3, 0xb9, 0xdd, 0x94, 0xc5, 0xbb, 0x5d, 0x7a, }, +		{ 0xa7, 0xad, 0x6b, 0x22, 0x46, 0x2f, 0xb3, 0xf4, }, +		{ 0xfb, 0xe5, 0x0e, 0x86, 0xbc, 0x8f, 0x1e, 0x75, }, +		{ 0x90, 0x3d, 0x84, 0xc0, 0x27, 0x56, 0xea, 0x14, }, +		{ 0xee, 0xf2, 0x7a, 0x8e, 0x90, 0xca, 0x23, 0xf7, }, +		{ 0xe5, 0x45, 0xbe, 0x49, 0x61, 0xca, 0x29, 0xa1, }, +		{ 0xdb, 0x9b, 0xc2, 0x57, 0x7f, 0xcc, 0x2a, 0x3f, }, +		{ 0x94, 0x47, 0xbe, 0x2c, 0xf5, 0xe9, 0x9a, 0x69, }, +		{ 0x9c, 0xd3, 0x8d, 0x96, 0xf0, 0xb3, 0xc1, 0x4b, }, +		{ 0xbd, 0x61, 0x79, 0xa7, 0x1d, 0xc9, 0x6d, 0xbb, }, +		{ 0x98, 0xee, 0xa2, 0x1a, 0xf2, 0x5c, 0xd6, 0xbe, }, +		{ 0xc7, 0x67, 0x3b, 0x2e, 0xb0, 0xcb, 0xf2, 0xd0, }, +		{ 0x88, 0x3e, 0xa3, 0xe3, 0x95, 0x67, 0x53, 0x93, }, +		{ 0xc8, 0xce, 0x5c, 0xcd, 0x8c, 0x03, 0x0c, 0xa8, }, +		{ 0x94, 0xaf, 0x49, 0xf6, 0xc6, 0x50, 0xad, 0xb8, }, +		{ 0xea, 0xb8, 0x85, 0x8a, 0xde, 0x92, 0xe1, 0xbc, }, +		{ 0xf3, 0x15, 0xbb, 0x5b, 0xb8, 0x35, 0xd8, 0x17, }, +		{ 0xad, 0xcf, 0x6b, 0x07, 0x63, 0x61, 0x2e, 0x2f, }, +		{ 0xa5, 0xc9, 0x1d, 0xa7, 0xac, 0xaa, 0x4d, 0xde, }, +		{ 0x71, 0x65, 0x95, 0x87, 0x66, 0x50, 0xa2, 0xa6, }, +		{ 0x28, 0xef, 0x49, 0x5c, 0x53, 0xa3, 0x87, 0xad, }, +		{ 0x42, 0xc3, 0x41, 0xd8, 0xfa, 0x92, 0xd8, 0x32, }, +		{ 0xce, 0x7c, 0xf2, 0x72, 0x2f, 0x51, 0x27, 0x71, }, +		{ 0xe3, 0x78, 0x59, 0xf9, 
0x46, 0x23, 0xf3, 0xa7, }, +		{ 0x38, 0x12, 0x05, 0xbb, 0x1a, 0xb0, 0xe0, 0x12, }, +		{ 0xae, 0x97, 0xa1, 0x0f, 0xd4, 0x34, 0xe0, 0x15, }, +		{ 0xb4, 0xa3, 0x15, 0x08, 0xbe, 0xff, 0x4d, 0x31, }, +		{ 0x81, 0x39, 0x62, 0x29, 0xf0, 0x90, 0x79, 0x02, }, +		{ 0x4d, 0x0c, 0xf4, 0x9e, 0xe5, 0xd4, 0xdc, 0xca, }, +		{ 0x5c, 0x73, 0x33, 0x6a, 0x76, 0xd8, 0xbf, 0x9a, }, +		{ 0xd0, 0xa7, 0x04, 0x53, 0x6b, 0xa9, 0x3e, 0x0e, }, +		{ 0x92, 0x59, 0x58, 0xfc, 0xd6, 0x42, 0x0c, 0xad, }, +		{ 0xa9, 0x15, 0xc2, 0x9b, 0xc8, 0x06, 0x73, 0x18, }, +		{ 0x95, 0x2b, 0x79, 0xf3, 0xbc, 0x0a, 0xa6, 0xd4, }, +		{ 0xf2, 0x1d, 0xf2, 0xe4, 0x1d, 0x45, 0x35, 0xf9, }, +		{ 0x87, 0x57, 0x75, 0x19, 0x04, 0x8f, 0x53, 0xa9, }, +		{ 0x10, 0xa5, 0x6c, 0xf5, 0xdf, 0xcd, 0x9a, 0xdb, }, +		{ 0xeb, 0x75, 0x09, 0x5c, 0xcd, 0x98, 0x6c, 0xd0, }, +		{ 0x51, 0xa9, 0xcb, 0x9e, 0xcb, 0xa3, 0x12, 0xe6, }, +		{ 0x96, 0xaf, 0xad, 0xfc, 0x2c, 0xe6, 0x66, 0xc7, }, +		{ 0x72, 0xfe, 0x52, 0x97, 0x5a, 0x43, 0x64, 0xee, }, +		{ 0x5a, 0x16, 0x45, 0xb2, 0x76, 0xd5, 0x92, 0xa1, }, +		{ 0xb2, 0x74, 0xcb, 0x8e, 0xbf, 0x87, 0x87, 0x0a, }, +		{ 0x6f, 0x9b, 0xb4, 0x20, 0x3d, 0xe7, 0xb3, 0x81, }, +		{ 0xea, 0xec, 0xb2, 0xa3, 0x0b, 0x22, 0xa8, 0x7f, }, +		{ 0x99, 0x24, 0xa4, 0x3c, 0xc1, 0x31, 0x57, 0x24, }, +		{ 0xbd, 0x83, 0x8d, 0x3a, 0xaf, 0xbf, 0x8d, 0xb7, }, +		{ 0x0b, 0x1a, 0x2a, 0x32, 0x65, 0xd5, 0x1a, 0xea, }, +		{ 0x13, 0x50, 0x79, 0xa3, 0x23, 0x1c, 0xe6, 0x60, }, +		{ 0x93, 0x2b, 0x28, 0x46, 0xe4, 0xd7, 0x06, 0x66, }, +		{ 0xe1, 0x91, 0x5f, 0x5c, 0xb1, 0xec, 0xa4, 0x6c, }, +		{ 0xf3, 0x25, 0x96, 0x5c, 0xa1, 0x6d, 0x62, 0x9f, }, +		{ 0x57, 0x5f, 0xf2, 0x8e, 0x60, 0x38, 0x1b, 0xe5, }, +		{ 0x72, 0x45, 0x06, 0xeb, 0x4c, 0x32, 0x8a, 0x95, } +	}; +	unsigned char in[64]; +	struct sipkey k; +	size_t i; + +	sip_tokey(&k, "\000\001\002\003\004\005\006\007\010\011\012\013\014\015\016\017"); + +	for (i = 0; i < sizeof in; ++i) { +		in[i] = i; + +		if (siphash24(in, i, &k) != SIP_U8TO64_LE(vectors[i])) +			return 0; +	} + +	return 1; +} 
/* sip24_valid() */ + + +#if SIPHASH_MAIN + +#include <stdio.h> + +int main(void) { +	int ok = sip24_valid(); + +	if (ok) +		puts("OK"); +	else +		puts("FAIL"); + +	return !ok; +} /* main() */ + +#endif /* SIPHASH_MAIN */ + + +#endif /* SIPHASH_H */ diff --git a/3rdParty/Expat/src/winconfig.h b/3rdParty/Expat/src/winconfig.h new file mode 100644 index 0000000..9bf014d --- /dev/null +++ b/3rdParty/Expat/src/winconfig.h @@ -0,0 +1,40 @@ +/*================================================================ +** Copyright 2000, Clark Cooper +** All rights reserved. +** +** This is free software. You are permitted to copy, distribute, or modify +** it under the terms of the MIT/X license (contained in the COPYING file +** with this distribution.) +*/ + +#ifndef WINCONFIG_H +#define WINCONFIG_H + +#define WIN32_LEAN_AND_MEAN +#include <windows.h> +#undef WIN32_LEAN_AND_MEAN + +#include <memory.h> +#include <string.h> + + +#if defined(HAVE_EXPAT_CONFIG_H)  /* e.g. MinGW */ +# include <expat_config.h> +#else  /* !defined(HAVE_EXPAT_CONFIG_H) */ + + +#define XML_NS 1 +#define XML_DTD 1 +#define XML_CONTEXT_BYTES 1024 + +/* we will assume all Windows platforms are little endian */ +#define BYTEORDER 1234 + +/* Windows has memmove() available. */ +#define HAVE_MEMMOVE + + +#endif /* !defined(HAVE_EXPAT_CONFIG_H) */ + + +#endif /* ndef WINCONFIG_H */ diff --git a/3rdParty/Expat/src/xmlparse.c b/3rdParty/Expat/src/xmlparse.c index 9b8bd69..76f078e 100644 --- a/3rdParty/Expat/src/xmlparse.c +++ b/3rdParty/Expat/src/xmlparse.c 
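Review bot: The four initialisation constants in `sip24_init` (for example `0x736f6d6570736575UL`) are 64-bit values written with a `UL` suffix, which does not fit `unsigned long` on targets where that type is 32 bits. C99 compilers widen such a literal, but the header's HISTORY says it was adjusted for C89, where that is not guaranteed, and a truncated constant would make the function diverge from SipHash-2-4. Building each constant from two 32-bit halves avoids relying on the suffix, e.g. `H->v0 = (((uint64_t)0x736f6d65UL << 32) | 0x70736575UL) ^ key->k[0];`. `sip24_valid()` already carries the reference vectors, so calling it from a test on every supported target would catch a miscompiled constant. The `switch` in `sip24_final` falls through on every case by design, so a `/* fall through */` comment per case would document that and quiet fallthrough warnings.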
@@ -1,29 +1,37 @@  /* Copyright (c) 1998, 1999, 2000 Thai Open Source Software Center Ltd     See the file COPYING for copying permission. + +   77fea421d361dca90041d0040ecf1dca651167fadf2af79e990e35168d70d933 (2.2.1+)  */ +#define _GNU_SOURCE                     /* syscall prototype */ +  #include <stddef.h>  #include <string.h>                     /* memset(), memcpy() */  #include <assert.h>  #include <limits.h>                     /* UINT_MAX */ -#include <time.h>                       /* time() */ +#include <stdio.h>                      /* fprintf */ +#include <stdlib.h>                     /* getenv */ + +#ifdef _WIN32 +#define getpid GetCurrentProcessId +#else +#include <sys/time.h>                   /* gettimeofday() */ +#include <sys/types.h>                  /* getpid() */ +#include <unistd.h>                     /* getpid() */ +#endif  #define XML_BUILDING_EXPAT 1 -#ifdef COMPILED_FROM_DSP +#ifdef _WIN32  #include "winconfig.h" -#elif defined(MACOS_CLASSIC) -#include "macconfig.h" -#elif defined(__amigaos__) -#include "amigaconfig.h" -#elif defined(__WATCOMC__) -#include "watcomconfig.h"  #elif defined(HAVE_EXPAT_CONFIG_H)  #include <expat_config.h> -#endif /* ndef COMPILED_FROM_DSP */ +#endif /* ndef _WIN32 */  #include "ascii.h"  #include "expat.h" +#include "siphash.h"  #ifdef XML_UNICODE  #define XML_ENCODE_MAX XML_UTF16_ENCODE_MAX 
@@ -102,17 +110,11 @@ typedef struct {    const XML_Memory_Handling_Suite *mem;  } HASH_TABLE; -/* Basic character hash algorithm, taken from Python's string hash: -   h = h * 1000003 ^ character, the constant being a prime number. +static size_t +keylen(KEY s); -*/ -#ifdef XML_UNICODE -#define CHAR_HASH(h, c) \ -  (((h) * 0xF4243) ^ (unsigned short)(c)) -#else -#define CHAR_HASH(h, c) \ -  (((h) * 0xF4243) ^ (unsigned char)(c)) -#endif +static void +copy_salt_to_sipkey(XML_Parser parser, struct sipkey * key);  /* For probing (after a collision) we need a step size relative prime     to the hash table size, which is a power of 2. We use double-hashing, @@ -348,6 +350,8 @@ doIgnoreSection(XML_Parser parser, const ENCODING *, const char **startPtr,                  const char *end, const char **nextPtr, XML_Bool haveMore);  #endif /* XML_DTD */ +static void +freeBindings(XML_Parser parser, BINDING *bindings);  static enum XML_Error  storeAtts(XML_Parser parser, const ENCODING *, const char *s,            TAG_NAME *tagNamePtr, BINDING **bindingsPtr); @@ -432,7 +436,7 @@ static ELEMENT_TYPE *  getElementType(XML_Parser parser, const ENCODING *enc,                 const char *ptr, const char *end); -static unsigned long generate_hash_secret_salt(void); +static unsigned long generate_hash_secret_salt(XML_Parser parser);  static XML_Bool startParsing(XML_Parser parser);  static XML_Parser 
@@ -690,12 +694,155 @@ static const XML_Char implicitContext[] = {    ASCII_s, ASCII_p, ASCII_a, ASCII_c, ASCII_e, '\0'  }; + +#if defined(HAVE_GETRANDOM) || defined(HAVE_SYSCALL_GETRANDOM) +# include <errno.h> + +# if defined(HAVE_GETRANDOM) +#  include <sys/random.h>    /* getrandom */ +# else +#  include <unistd.h>        /* syscall */ +#  include <sys/syscall.h>   /* SYS_getrandom */ +# endif + +/* Obtain entropy on Linux 3.17+ */ +static int +writeRandomBytes_getrandom(void * target, size_t count) { +  int success = 0;  /* full count bytes written? */ +  size_t bytesWrittenTotal = 0; +  const unsigned int getrandomFlags = 0; + +  do { +    void * const currentTarget = (void*)((char*)target + bytesWrittenTotal); +    const size_t bytesToWrite = count - bytesWrittenTotal; + +    const int bytesWrittenMore = +#if defined(HAVE_GETRANDOM) +        getrandom(currentTarget, bytesToWrite, getrandomFlags); +#else +        syscall(SYS_getrandom, currentTarget, bytesToWrite, getrandomFlags); +#endif + +    if (bytesWrittenMore > 0) { +      bytesWrittenTotal += bytesWrittenMore; +      if (bytesWrittenTotal >= count) +        success = 1; +    } +  } while (! success && (errno == EINTR || errno == EAGAIN)); + +  return success; +} + +#endif  /* defined(HAVE_GETRANDOM) || defined(HAVE_SYSCALL_GETRANDOM) */ + + +#ifdef _WIN32 + +typedef BOOLEAN (APIENTRY *RTLGENRANDOM_FUNC)(PVOID, ULONG); + +/* Obtain entropy on Windows XP / Windows Server 2003 and later. + * Hint on RtlGenRandom and the following article from libsodioum. + * + * Michael Howard: Cryptographically Secure Random number on Windows without using CryptoAPI + * https://blogs.msdn.microsoft.com/michael_howard/2005/01/14/cryptographically-secure-random-number-on-windows-without-using-cryptoapi/ + */ +static int +writeRandomBytes_RtlGenRandom(void * target, size_t count) { +  int success = 0;  /* full count bytes written? 
*/ +  const HMODULE advapi32 = LoadLibrary("ADVAPI32.DLL"); + +  if (advapi32) { +    const RTLGENRANDOM_FUNC RtlGenRandom +        = (RTLGENRANDOM_FUNC)GetProcAddress(advapi32, "SystemFunction036"); +    if (RtlGenRandom) { +      if (RtlGenRandom((PVOID)target, (ULONG)count) == TRUE) { +        success = 1; +      } +    } +    FreeLibrary(advapi32); +  } + +  return success; +} + +#endif /* _WIN32 */ + +  static unsigned long -generate_hash_secret_salt(void) +gather_time_entropy(void)  { -  unsigned int seed = time(NULL) % UINT_MAX; -  srand(seed); -  return rand(); +#ifdef _WIN32 +  FILETIME ft; +  GetSystemTimeAsFileTime(&ft); /* never fails */ +  return ft.dwHighDateTime ^ ft.dwLowDateTime; +#else +  struct timeval tv; +  int gettimeofday_res; + +  gettimeofday_res = gettimeofday(&tv, NULL); +  assert (gettimeofday_res == 0); + +  /* Microseconds time is <20 bits entropy */ +  return tv.tv_usec; +#endif +} + +#if defined(HAVE_ARC4RANDOM_BUF) && defined(HAVE_LIBBSD) +# include <bsd/stdlib.h> +#endif + +static unsigned long +ENTROPY_DEBUG(const char * label, unsigned long entropy) { +  const char * const EXPAT_ENTROPY_DEBUG = getenv("EXPAT_ENTROPY_DEBUG"); +  if (EXPAT_ENTROPY_DEBUG && ! strcmp(EXPAT_ENTROPY_DEBUG, "1")) { +    fprintf(stderr, "Entropy: %s --> 0x%0*lx (%lu bytes)\n", +        label, +        (int)sizeof(entropy) * 2, entropy, +        (unsigned long)sizeof(entropy)); +  } +  return entropy; +} + +static unsigned long +generate_hash_secret_salt(XML_Parser parser) +{ +  unsigned long entropy; +  (void)parser; +#if defined(HAVE_ARC4RANDOM_BUF) || defined(__CloudABI__) +  (void)gather_time_entropy; +  arc4random_buf(&entropy, sizeof(entropy)); +  return ENTROPY_DEBUG("arc4random_buf", entropy); +#else +  /* Try high quality providers first .. 
*/ +#ifdef _WIN32 +  if (writeRandomBytes_RtlGenRandom((void *)&entropy, sizeof(entropy))) { +    return ENTROPY_DEBUG("RtlGenRandom", entropy); +  } +#elif defined(HAVE_GETRANDOM) || defined(HAVE_SYSCALL_GETRANDOM) +  if (writeRandomBytes_getrandom((void *)&entropy, sizeof(entropy))) { +    return ENTROPY_DEBUG("getrandom", entropy); +  } +#endif +  /* .. and self-made low quality for backup: */ + +  /* Process ID is 0 bits entropy if attacker has local access */ +  entropy = gather_time_entropy() ^ getpid(); + +  /* Factors are 2^31-1 and 2^61-1 (Mersenne primes M31 and M61) */ +  if (sizeof(unsigned long) == 4) { +    return ENTROPY_DEBUG("fallback(4)", entropy * 2147483647); +  } else { +    return ENTROPY_DEBUG("fallback(8)", +        entropy * (unsigned long)2305843009213693951); +  } +#endif +} + +static unsigned long +get_hash_secret_salt(XML_Parser parser) { +  if (parser->m_parentParser != NULL) +    return get_hash_secret_salt(parser->m_parentParser); +  return parser->m_hash_secret_salt;  }  static XML_Bool  /* only valid for root parser */ @@ -703,7 +850,7 @@ startParsing(XML_Parser parser)  {      /* hash functions must be initialized before setContext() is called */      if (hash_secret_salt == 0) -      hash_secret_salt = generate_hash_secret_salt(); +      hash_secret_salt = generate_hash_secret_salt(parser);      if (ns) {        /* implicit context only set for root parser, since child           parsers (i.e. external entity parsers) will inherit it @@ -926,6 +1073,10 @@ XML_ParserReset(XML_Parser parser, const XML_Char *encodingName)  {    TAG *tStk;    OPEN_INTERNAL_ENTITY *openEntityList; + +  if (parser == NULL) +      return XML_FALSE; +    if (parentParser)      return XML_FALSE;    /* move tagStack to freeTagList */ 
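Review bot: `generate_hash_secret_salt` drops to `gather_time_entropy() ^ getpid()` without any signal whenever the build defines none of `HAVE_ARC4RANDOM_BUF`, `HAVE_GETRANDOM` or `HAVE_SYSCALL_GETRANDOM` (and on Windows if `SystemFunction036` cannot be resolved), and the code's own comments rate that source at under 20 bits, so the hash salt becomes guessable. For a bundled copy that may be compiled without Expat's configure step (not visible here; check the build files), I would make the unconfigured case a build failure, e.g. an `#error` ahead of the fallback unless a project-chosen opt-in macro is defined. In `writeRandomBytes_RtlGenRandom`, `LoadLibrary("ADVAPI32.DLL")` resolves a bare file name through the default DLL search order; `LoadLibraryEx(TEXT("ADVAPI32.DLL"), NULL, LOAD_LIBRARY_SEARCH_SYSTEM32)` restricts the lookup to the system directory where that flag is supported. In `writeRandomBytes_getrandom` the loop condition reads `errno` without it being cleared before the call, so a stale value can decide whether to retry; `errno = 0;` at the top of the loop body fixes that.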
@@ -960,6 +1111,8 @@ XML_ParserReset(XML_Parser parser, const XML_Char *encodingName)
 enum XML_Status XMLCALL
 XML_SetEncoding(XML_Parser parser, const XML_Char *encodingName)
 {
+  if (parser == NULL)
+      return XML_STATUS_ERROR;
   /* Block after XML_Parse()/XML_ParseBuffer() has been called.
      XXX There's no way for the caller to determine which of the
      XXX possible error cases caused the XML_STATUS_ERROR return.
@@ -983,52 +1136,88 @@ XML_ExternalEntityParserCreate(XML_Parser oldParser,  {    XML_Parser parser = oldParser;    DTD *newDtd = NULL; -  DTD *oldDtd = _dtd; -  XML_StartElementHandler oldStartElementHandler = startElementHandler; -  XML_EndElementHandler oldEndElementHandler = endElementHandler; -  XML_CharacterDataHandler oldCharacterDataHandler = characterDataHandler; -  XML_ProcessingInstructionHandler oldProcessingInstructionHandler -      = processingInstructionHandler; -  XML_CommentHandler oldCommentHandler = commentHandler; -  XML_StartCdataSectionHandler oldStartCdataSectionHandler -      = startCdataSectionHandler; -  XML_EndCdataSectionHandler oldEndCdataSectionHandler -      = endCdataSectionHandler; -  XML_DefaultHandler oldDefaultHandler = defaultHandler; -  XML_UnparsedEntityDeclHandler oldUnparsedEntityDeclHandler -      = unparsedEntityDeclHandler; -  XML_NotationDeclHandler oldNotationDeclHandler = notationDeclHandler; -  XML_StartNamespaceDeclHandler oldStartNamespaceDeclHandler -      = startNamespaceDeclHandler; -  XML_EndNamespaceDeclHandler oldEndNamespaceDeclHandler -      = endNamespaceDeclHandler; -  XML_NotStandaloneHandler oldNotStandaloneHandler = notStandaloneHandler; -  XML_ExternalEntityRefHandler oldExternalEntityRefHandler -      = externalEntityRefHandler; -  XML_SkippedEntityHandler oldSkippedEntityHandler = skippedEntityHandler; -  XML_UnknownEncodingHandler oldUnknownEncodingHandler -      = unknownEncodingHandler; -  XML_ElementDeclHandler oldElementDeclHandler = elementDeclHandler; -  XML_AttlistDeclHandler oldAttlistDeclHandler = attlistDeclHandler; -  XML_EntityDeclHandler oldEntityDeclHandler = entityDeclHandler; -  XML_XmlDeclHandler oldXmlDeclHandler = xmlDeclHandler; -  ELEMENT_TYPE * oldDeclElementType = declElementType; - -  void *oldUserData = userData; -  void *oldHandlerArg = handlerArg; -  XML_Bool oldDefaultExpandInternalEntities = defaultExpandInternalEntities; -  XML_Parser oldExternalEntityRefHandlerArg = 
externalEntityRefHandlerArg; +  DTD *oldDtd; +  XML_StartElementHandler oldStartElementHandler; +  XML_EndElementHandler oldEndElementHandler; +  XML_CharacterDataHandler oldCharacterDataHandler; +  XML_ProcessingInstructionHandler oldProcessingInstructionHandler; +  XML_CommentHandler oldCommentHandler; +  XML_StartCdataSectionHandler oldStartCdataSectionHandler; +  XML_EndCdataSectionHandler oldEndCdataSectionHandler; +  XML_DefaultHandler oldDefaultHandler; +  XML_UnparsedEntityDeclHandler oldUnparsedEntityDeclHandler; +  XML_NotationDeclHandler oldNotationDeclHandler; +  XML_StartNamespaceDeclHandler oldStartNamespaceDeclHandler; +  XML_EndNamespaceDeclHandler oldEndNamespaceDeclHandler; +  XML_NotStandaloneHandler oldNotStandaloneHandler; +  XML_ExternalEntityRefHandler oldExternalEntityRefHandler; +  XML_SkippedEntityHandler oldSkippedEntityHandler; +  XML_UnknownEncodingHandler oldUnknownEncodingHandler; +  XML_ElementDeclHandler oldElementDeclHandler; +  XML_AttlistDeclHandler oldAttlistDeclHandler; +  XML_EntityDeclHandler oldEntityDeclHandler; +  XML_XmlDeclHandler oldXmlDeclHandler; +  ELEMENT_TYPE * oldDeclElementType; + +  void *oldUserData; +  void *oldHandlerArg; +  XML_Bool oldDefaultExpandInternalEntities; +  XML_Parser oldExternalEntityRefHandlerArg;  #ifdef XML_DTD -  enum XML_ParamEntityParsing oldParamEntityParsing = paramEntityParsing; -  int oldInEntityValue = prologState.inEntityValue; +  enum XML_ParamEntityParsing oldParamEntityParsing; +  int oldInEntityValue;  #endif -  XML_Bool oldns_triplets = ns_triplets; +  XML_Bool oldns_triplets;    /* Note that the new parser shares the same hash secret as the old       parser, so that dtdCopy and copyEntityTable can lookup values       from hash tables associated with either parser without us having       to worry which hash secrets each table has.    
*/ -  unsigned long oldhash_secret_salt = hash_secret_salt; +  unsigned long oldhash_secret_salt; + +  /* Validate the oldParser parameter before we pull everything out of it */ +  if (oldParser == NULL) +    return NULL; + +  /* Stash the original parser contents on the stack */ +  oldDtd = _dtd; +  oldStartElementHandler = startElementHandler; +  oldEndElementHandler = endElementHandler; +  oldCharacterDataHandler = characterDataHandler; +  oldProcessingInstructionHandler = processingInstructionHandler; +  oldCommentHandler = commentHandler; +  oldStartCdataSectionHandler = startCdataSectionHandler; +  oldEndCdataSectionHandler = endCdataSectionHandler; +  oldDefaultHandler = defaultHandler; +  oldUnparsedEntityDeclHandler = unparsedEntityDeclHandler; +  oldNotationDeclHandler = notationDeclHandler; +  oldStartNamespaceDeclHandler = startNamespaceDeclHandler; +  oldEndNamespaceDeclHandler = endNamespaceDeclHandler; +  oldNotStandaloneHandler = notStandaloneHandler; +  oldExternalEntityRefHandler = externalEntityRefHandler; +  oldSkippedEntityHandler = skippedEntityHandler; +  oldUnknownEncodingHandler = unknownEncodingHandler; +  oldElementDeclHandler = elementDeclHandler; +  oldAttlistDeclHandler = attlistDeclHandler; +  oldEntityDeclHandler = entityDeclHandler; +  oldXmlDeclHandler = xmlDeclHandler; +  oldDeclElementType = declElementType; + +  oldUserData = userData; +  oldHandlerArg = handlerArg; +  oldDefaultExpandInternalEntities = defaultExpandInternalEntities; +  oldExternalEntityRefHandlerArg = externalEntityRefHandlerArg; +#ifdef XML_DTD +  oldParamEntityParsing = paramEntityParsing; +  oldInEntityValue = prologState.inEntityValue; +#endif +  oldns_triplets = ns_triplets; +  /* Note that the new parser shares the same hash secret as the old +     parser, so that dtdCopy and copyEntityTable can lookup values +     from hash tables associated with either parser without us having +     to worry which hash secrets each table has. 
+  */ +  oldhash_secret_salt = hash_secret_salt;  #ifdef XML_DTD    if (!context) @@ -1194,12 +1383,15 @@ XML_ParserFree(XML_Parser parser)  void XMLCALL  XML_UseParserAsHandlerArg(XML_Parser parser)  { -  handlerArg = parser; +  if (parser != NULL) +    handlerArg = parser;  }  enum XML_Error XMLCALL  XML_UseForeignDTD(XML_Parser parser, XML_Bool useDTD)  { +  if (parser == NULL) +    return XML_ERROR_INVALID_ARGUMENT;  #ifdef XML_DTD    /* block after XML_Parse()/XML_ParseBuffer() has been called */    if (ps_parsing == XML_PARSING || ps_parsing == XML_SUSPENDED) @@ -1214,6 +1406,8 @@ XML_UseForeignDTD(XML_Parser parser, XML_Bool useDTD)  void XMLCALL  XML_SetReturnNSTriplet(XML_Parser parser, int do_nst)  { +  if (parser == NULL) +    return;    /* block after XML_Parse()/XML_ParseBuffer() has been called */    if (ps_parsing == XML_PARSING || ps_parsing == XML_SUSPENDED)      return; @@ -1223,6 +1417,8 @@ XML_SetReturnNSTriplet(XML_Parser parser, int do_nst)  void XMLCALL  XML_SetUserData(XML_Parser parser, void *p)  { +  if (parser == NULL) +    return;    if (handlerArg == userData)      handlerArg = userData = p;    else @@ -1232,6 +1428,8 @@ XML_SetUserData(XML_Parser parser, void *p)  enum XML_Status XMLCALL  XML_SetBase(XML_Parser parser, const XML_Char *p)  { +  if (parser == NULL) +    return XML_STATUS_ERROR;    if (p) {      p = poolCopyString(&_dtd->pool, p);      if (!p) @@ -1246,18 +1444,24 @@ XML_SetBase(XML_Parser parser, const XML_Char *p)  const XML_Char * XMLCALL  XML_GetBase(XML_Parser parser)  { +  if (parser == NULL) +    return NULL;    return curBase;  }  int XMLCALL  XML_GetSpecifiedAttributeCount(XML_Parser parser)  { +  if (parser == NULL) +    return -1;    return nSpecifiedAtts;  }  int XMLCALL  XML_GetIdAttributeIndex(XML_Parser parser)  { +  if (parser == NULL) +    return -1;    return idAttIndex;  } 
@@ -1265,6 +1469,8 @@ XML_GetIdAttributeIndex(XML_Parser parser)  const XML_AttrInfo * XMLCALL  XML_GetAttributeInfo(XML_Parser parser)  { +  if (parser == NULL) +    return NULL;    return attInfo;  }  #endif @@ -1274,6 +1480,8 @@ XML_SetElementHandler(XML_Parser parser,                        XML_StartElementHandler start,                        XML_EndElementHandler end)  { +  if (parser == NULL) +    return;    startElementHandler = start;    endElementHandler = end;  } @@ -1281,34 +1489,39 @@ XML_SetElementHandler(XML_Parser parser,  void XMLCALL  XML_SetStartElementHandler(XML_Parser parser,                             XML_StartElementHandler start) { -  startElementHandler = start; +  if (parser != NULL) +    startElementHandler = start;  }  void XMLCALL  XML_SetEndElementHandler(XML_Parser parser,                           XML_EndElementHandler end) { -  endElementHandler = end; +  if (parser != NULL) +    endElementHandler = end;  }  void XMLCALL  XML_SetCharacterDataHandler(XML_Parser parser,                              XML_CharacterDataHandler handler)  { -  characterDataHandler = handler; +  if (parser != NULL) +    characterDataHandler = handler;  }  void XMLCALL  XML_SetProcessingInstructionHandler(XML_Parser parser,                                      XML_ProcessingInstructionHandler handler)  { -  processingInstructionHandler = handler; +  if (parser != NULL) +    processingInstructionHandler = handler;  }  void XMLCALL  XML_SetCommentHandler(XML_Parser parser,                        XML_CommentHandler handler)  { -  commentHandler = handler; +  if (parser != NULL) +    commentHandler = handler;  }  void XMLCALL @@ -1316,6 +1529,8 @@ XML_SetCdataSectionHandler(XML_Parser parser,                             XML_StartCdataSectionHandler start,                             XML_EndCdataSectionHandler end)  { +  if (parser == NULL) +    return;    startCdataSectionHandler = start;    endCdataSectionHandler = end;  } 
@@ -1323,19 +1538,23 @@ XML_SetCdataSectionHandler(XML_Parser parser,  void XMLCALL  XML_SetStartCdataSectionHandler(XML_Parser parser,                                  XML_StartCdataSectionHandler start) { -  startCdataSectionHandler = start; +  if (parser != NULL) +    startCdataSectionHandler = start;  }  void XMLCALL  XML_SetEndCdataSectionHandler(XML_Parser parser,                                XML_EndCdataSectionHandler end) { -  endCdataSectionHandler = end; +  if (parser != NULL) +    endCdataSectionHandler = end;  }  void XMLCALL  XML_SetDefaultHandler(XML_Parser parser,                        XML_DefaultHandler handler)  { +  if (parser == NULL) +    return;    defaultHandler = handler;    defaultExpandInternalEntities = XML_FALSE;  } @@ -1344,6 +1563,8 @@ void XMLCALL  XML_SetDefaultHandlerExpand(XML_Parser parser,                              XML_DefaultHandler handler)  { +  if (parser == NULL) +    return;    defaultHandler = handler;    defaultExpandInternalEntities = XML_TRUE;  } @@ -1353,6 +1574,8 @@ XML_SetDoctypeDeclHandler(XML_Parser parser,                            XML_StartDoctypeDeclHandler start,                            XML_EndDoctypeDeclHandler end)  { +  if (parser == NULL) +    return;    startDoctypeDeclHandler = start;    endDoctypeDeclHandler = end;  } 
@@ -1360,27 +1583,31 @@ XML_SetDoctypeDeclHandler(XML_Parser parser,  void XMLCALL  XML_SetStartDoctypeDeclHandler(XML_Parser parser,                                 XML_StartDoctypeDeclHandler start) { -  startDoctypeDeclHandler = start; +  if (parser != NULL) +    startDoctypeDeclHandler = start;  }  void XMLCALL  XML_SetEndDoctypeDeclHandler(XML_Parser parser,                               XML_EndDoctypeDeclHandler end) { -  endDoctypeDeclHandler = end; +  if (parser != NULL) +    endDoctypeDeclHandler = end;  }  void XMLCALL  XML_SetUnparsedEntityDeclHandler(XML_Parser parser,                                   XML_UnparsedEntityDeclHandler handler)  { -  unparsedEntityDeclHandler = handler; +  if (parser != NULL) +    unparsedEntityDeclHandler = handler;  }  void XMLCALL  XML_SetNotationDeclHandler(XML_Parser parser,                             XML_NotationDeclHandler handler)  { -  notationDeclHandler = handler; +  if (parser != NULL) +    notationDeclHandler = handler;  }  void XMLCALL @@ -1388,6 +1615,8 @@ XML_SetNamespaceDeclHandler(XML_Parser parser,                              XML_StartNamespaceDeclHandler start,                              XML_EndNamespaceDeclHandler end)  { +  if (parser == NULL) +    return;    startNamespaceDeclHandler = start;    endNamespaceDeclHandler = end;  } 
@@ -1395,32 +1624,38 @@ XML_SetNamespaceDeclHandler(XML_Parser parser,  void XMLCALL  XML_SetStartNamespaceDeclHandler(XML_Parser parser,                                   XML_StartNamespaceDeclHandler start) { -  startNamespaceDeclHandler = start; +  if (parser != NULL) +    startNamespaceDeclHandler = start;  }  void XMLCALL  XML_SetEndNamespaceDeclHandler(XML_Parser parser,                                 XML_EndNamespaceDeclHandler end) { -  endNamespaceDeclHandler = end; +  if (parser != NULL) +    endNamespaceDeclHandler = end;  }  void XMLCALL  XML_SetNotStandaloneHandler(XML_Parser parser,                              XML_NotStandaloneHandler handler)  { -  notStandaloneHandler = handler; +  if (parser != NULL) +    notStandaloneHandler = handler;  }  void XMLCALL  XML_SetExternalEntityRefHandler(XML_Parser parser,                                  XML_ExternalEntityRefHandler handler)  { -  externalEntityRefHandler = handler; +  if (parser != NULL) +    externalEntityRefHandler = handler;  }  void XMLCALL  XML_SetExternalEntityRefHandlerArg(XML_Parser parser, void *arg)  { +  if (parser == NULL) +    return;    if (arg)      externalEntityRefHandlerArg = (XML_Parser)arg;    else @@ -1431,7 +1666,8 @@ void XMLCALL  XML_SetSkippedEntityHandler(XML_Parser parser,                              XML_SkippedEntityHandler handler)  { -  skippedEntityHandler = handler; +  if (parser != NULL) +    skippedEntityHandler = handler;  }  void XMLCALL @@ -1439,6 +1675,8 @@ XML_SetUnknownEncodingHandler(XML_Parser parser,                                XML_UnknownEncodingHandler handler,                                void *data)  { +  if (parser == NULL) +    return;    unknownEncodingHandler = handler;    unknownEncodingHandlerData = data;  } 
@@ -1447,33 +1685,39 @@ void XMLCALL  XML_SetElementDeclHandler(XML_Parser parser,                            XML_ElementDeclHandler eldecl)  { -  elementDeclHandler = eldecl; +  if (parser != NULL) +    elementDeclHandler = eldecl;  }  void XMLCALL  XML_SetAttlistDeclHandler(XML_Parser parser,                            XML_AttlistDeclHandler attdecl)  { -  attlistDeclHandler = attdecl; +  if (parser != NULL) +    attlistDeclHandler = attdecl;  }  void XMLCALL  XML_SetEntityDeclHandler(XML_Parser parser,                           XML_EntityDeclHandler handler)  { -  entityDeclHandler = handler; +  if (parser != NULL) +    entityDeclHandler = handler;  }  void XMLCALL  XML_SetXmlDeclHandler(XML_Parser parser,                        XML_XmlDeclHandler handler) { -  xmlDeclHandler = handler; +  if (parser != NULL) +    xmlDeclHandler = handler;  }  int XMLCALL  XML_SetParamEntityParsing(XML_Parser parser,                            enum XML_ParamEntityParsing peParsing)  { +  if (parser == NULL) +    return 0;    /* block after XML_Parse()/XML_ParseBuffer() has been called */    if (ps_parsing == XML_PARSING || ps_parsing == XML_SUSPENDED)      return 0; @@ -1489,6 +1733,10 @@ int XMLCALL  XML_SetHashSalt(XML_Parser parser,                  unsigned long hash_salt)  { +  if (parser == NULL) +    return 0; +  if (parser->m_parentParser) +    return XML_SetHashSalt(parser->m_parentParser, hash_salt);    /* block after XML_Parse()/XML_ParseBuffer() has been called */    if (ps_parsing == XML_PARSING || ps_parsing == XML_SUSPENDED)      return 0; @@ -1499,6 +1747,10 @@ XML_SetHashSalt(XML_Parser parser,  enum XML_Status XMLCALL  XML_Parse(XML_Parser parser, const char *s, int len, int isFinal)  { +  if ((parser == NULL) || (len < 0) || ((s == NULL) && (len != 0))) { +    errorCode = XML_ERROR_INVALID_ARGUMENT; +    return XML_STATUS_ERROR; +  }    switch (ps_parsing) {    case XML_SUSPENDED:      errorCode = XML_ERROR_SUSPENDED; 
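Review bot: In the XML_Parse hunk at -1499 the new argument check assigns `errorCode` in the same branch that is taken when `parser == NULL`, so if `errorCode` expands to a field of `parser` (the NULL guards this commit adds in front of every other bare member name suggest it does), the guard itself dereferences a null pointer. Splitting the condition keeps the intent: `if (parser == NULL) return XML_STATUS_ERROR;` followed by `if ((len < 0) || ((s == NULL) && (len != 0))) { errorCode = XML_ERROR_INVALID_ARGUMENT; return XML_STATUS_ERROR; }`. XML_GetBuffer in this same commit already orders its two checks that way. Since this is a vendored copy, it is worth checking whether upstream has since corrected this before carrying a local patch; the body of XML_Parse continues outside the hunk.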
@@ -1550,7 +1802,14 @@ XML_Parse(XML_Parser parser, const char *s, int len, int isFinal)    else if (bufferPtr == bufferEnd) {      const char *end;      int nLeftOver; -    enum XML_Error result; +    enum XML_Status result; +    /* Detect overflow (a+b > MAX <==> b > MAX-a) */ +    if (len > ((XML_Size)-1) / 2 - parseEndByteIndex) { +       errorCode = XML_ERROR_NO_MEMORY; +       eventPtr = eventEndPtr = NULL; +       processor = errorProcessor; +       return XML_STATUS_ERROR; +    }      parseEndByteIndex += len;      positionPtr = s;      ps_finalBuffer = (XML_Bool)isFinal; @@ -1583,11 +1842,14 @@ XML_Parse(XML_Parser parser, const char *s, int len, int isFinal)      nLeftOver = s + len - end;      if (nLeftOver) {        if (buffer == NULL || nLeftOver > bufferLim - buffer) { -        /* FIXME avoid integer overflow */ -        char *temp; -        temp = (buffer == NULL -                ? (char *)MALLOC(len * 2) -                : (char *)REALLOC(buffer, len * 2)); +        /* avoid _signed_ integer overflow */ +        char *temp = NULL; +        const int bytesToAllocate = (int)((unsigned)len * 2U); +        if (bytesToAllocate > 0) { +          temp = (buffer == NULL +                ? (char *)MALLOC(bytesToAllocate) +                : (char *)REALLOC(buffer, bytesToAllocate)); +        }          if (temp == NULL) {            errorCode = XML_ERROR_NO_MEMORY;            eventPtr = eventEndPtr = NULL; @@ -1595,7 +1857,7 @@ XML_Parse(XML_Parser parser, const char *s, int len, int isFinal)            return XML_STATUS_ERROR;          }          buffer = temp; -        bufferLim = buffer + len * 2; +        bufferLim = buffer + bytesToAllocate;        }        memcpy(buffer, end, nLeftOver);      } 
@@ -1625,6 +1887,8 @@ XML_ParseBuffer(XML_Parser parser, int len, int isFinal)    const char *start;    enum XML_Status result = XML_STATUS_OK; +  if (parser == NULL) +    return XML_STATUS_ERROR;    switch (ps_parsing) {    case XML_SUSPENDED:      errorCode = XML_ERROR_SUSPENDED; @@ -1678,6 +1942,12 @@ XML_ParseBuffer(XML_Parser parser, int len, int isFinal)  void * XMLCALL  XML_GetBuffer(XML_Parser parser, int len)  { +  if (parser == NULL) +    return NULL; +  if (len < 0) { +    errorCode = XML_ERROR_NO_MEMORY; +    return NULL; +  }    switch (ps_parsing) {    case XML_SUSPENDED:      errorCode = XML_ERROR_SUSPENDED; @@ -1689,11 +1959,17 @@ XML_GetBuffer(XML_Parser parser, int len)    }    if (len > bufferLim - bufferEnd) { -    /* FIXME avoid integer overflow */ -    int neededSize = len + (int)(bufferEnd - bufferPtr);  #ifdef XML_CONTEXT_BYTES -    int keep = (int)(bufferPtr - buffer); - +    int keep; +#endif  /* defined XML_CONTEXT_BYTES */ +    /* Do not invoke signed arithmetic overflow: */ +    int neededSize = (int) ((unsigned)len + (unsigned)(bufferEnd - bufferPtr)); +    if (neededSize < 0) { +      errorCode = XML_ERROR_NO_MEMORY; +      return NULL; +    } +#ifdef XML_CONTEXT_BYTES +    keep = (int)(bufferPtr - buffer);      if (keep > XML_CONTEXT_BYTES)        keep = XML_CONTEXT_BYTES;      neededSize += keep; @@ -1718,8 +1994,13 @@ XML_GetBuffer(XML_Parser parser, int len)        if (bufferSize == 0)          bufferSize = INIT_BUFFER_SIZE;        do { -        bufferSize *= 2; -      } while (bufferSize < neededSize); +        /* Do not invoke signed arithmetic overflow: */ +        bufferSize = (int) (2U * (unsigned) bufferSize); +      } while (bufferSize < neededSize && bufferSize > 0); +      if (bufferSize <= 0) { +        errorCode = XML_ERROR_NO_MEMORY; +        return NULL; +      }        newBuf = (char *)MALLOC(bufferSize);        if (newBuf == 0) {          errorCode = XML_ERROR_NO_MEMORY; 
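Review bot: In the XML_GetBuffer hunk at -1689 the new `neededSize < 0` test runs before the XML_CONTEXT_BYTES branch executes `neededSize += keep;`, so that signed addition is still unchecked and can overflow when `neededSize` is already close to INT_MAX. A guard immediately before it would close the gap, e.g. `if (keep > INT_MAX - neededSize) { errorCode = XML_ERROR_NO_MEMORY; return NULL; }`. The existing test also depends on the implementation-defined result of converting an out-of-range unsigned value to `int`; comparing against INT_MAX before the cast expresses the same limit without that dependency. The function body continues outside the hunk.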
@@ -1759,6 +2040,8 @@ XML_GetBuffer(XML_Parser parser, int len)  enum XML_Status XMLCALL  XML_StopParser(XML_Parser parser, XML_Bool resumable)  { +  if (parser == NULL) +    return XML_STATUS_ERROR;    switch (ps_parsing) {    case XML_SUSPENDED:      if (resumable) { @@ -1791,6 +2074,8 @@ XML_ResumeParser(XML_Parser parser)  {    enum XML_Status result = XML_STATUS_OK; +  if (parser == NULL) +    return XML_STATUS_ERROR;    if (ps_parsing != XML_SUSPENDED) {      errorCode = XML_ERROR_NOT_SUSPENDED;      return XML_STATUS_ERROR; @@ -1827,6 +2112,8 @@ XML_ResumeParser(XML_Parser parser)  void XMLCALL  XML_GetParsingStatus(XML_Parser parser, XML_ParsingStatus *status)  { +  if (parser == NULL) +    return;    assert(status != NULL);    *status = parser->m_parsingStatus;  } @@ -1834,20 +2121,26 @@ XML_GetParsingStatus(XML_Parser parser, XML_ParsingStatus *status)  enum XML_Error XMLCALL  XML_GetErrorCode(XML_Parser parser)  { +  if (parser == NULL) +    return XML_ERROR_INVALID_ARGUMENT;    return errorCode;  }  XML_Index XMLCALL  XML_GetCurrentByteIndex(XML_Parser parser)  { +  if (parser == NULL) +    return -1;    if (eventPtr) -    return parseEndByteIndex - (parseEndPtr - eventPtr); +    return (XML_Index)(parseEndByteIndex - (parseEndPtr - eventPtr));    return -1;  }  int XMLCALL  XML_GetCurrentByteCount(XML_Parser parser)  { +  if (parser == NULL) +    return 0;    if (eventEndPtr && eventPtr)      return (int)(eventEndPtr - eventPtr);    return 0; 
@@ -1857,11 +2150,19 @@ const char * XMLCALL  XML_GetInputContext(XML_Parser parser, int *offset, int *size)  {  #ifdef XML_CONTEXT_BYTES +  if (parser == NULL) +    return NULL;    if (eventPtr && buffer) { -    *offset = (int)(eventPtr - buffer); -    *size   = (int)(bufferEnd - buffer); +    if (offset != NULL) +      *offset = (int)(eventPtr - buffer); +    if (size != NULL) +      *size   = (int)(bufferEnd - buffer);      return buffer;    } +#else +  (void)parser; +  (void)offset; +  (void)size;  #endif /* defined XML_CONTEXT_BYTES */    return (char *) 0;  } @@ -1869,6 +2170,8 @@ XML_GetInputContext(XML_Parser parser, int *offset, int *size)  XML_Size XMLCALL  XML_GetCurrentLineNumber(XML_Parser parser)  { +  if (parser == NULL) +    return 0;    if (eventPtr && eventPtr >= positionPtr) {      XmlUpdatePosition(encoding, positionPtr, eventPtr, &position);      positionPtr = eventPtr; @@ -1879,6 +2182,8 @@ XML_GetCurrentLineNumber(XML_Parser parser)  XML_Size XMLCALL  XML_GetCurrentColumnNumber(XML_Parser parser)  { +  if (parser == NULL) +    return 0;    if (eventPtr && eventPtr >= positionPtr) {      XmlUpdatePosition(encoding, positionPtr, eventPtr, &position);      positionPtr = eventPtr; 
@@ -1889,30 +2194,38 @@ XML_GetCurrentColumnNumber(XML_Parser parser)  void XMLCALL  XML_FreeContentModel(XML_Parser parser, XML_Content *model)  { -  FREE(model); +  if (parser != NULL) +    FREE(model);  }  void * XMLCALL  XML_MemMalloc(XML_Parser parser, size_t size)  { +  if (parser == NULL) +    return NULL;    return MALLOC(size);  }  void * XMLCALL  XML_MemRealloc(XML_Parser parser, void *ptr, size_t size)  { +  if (parser == NULL) +    return NULL;    return REALLOC(ptr, size);  }  void XMLCALL  XML_MemFree(XML_Parser parser, void *ptr)  { -  FREE(ptr); +  if (parser != NULL) +    FREE(ptr);  }  void XMLCALL  XML_DefaultCurrent(XML_Parser parser)  { +  if (parser == NULL) +    return;    if (defaultHandler) {      if (openInternalEntities)        reportDefault(parser, @@ -2415,11 +2728,11 @@ doContent(XML_Parser parser,            for (;;) {              int bufSize;              int convLen; -            XmlConvert(enc, +            const enum XML_Convert_Result convert_res = XmlConvert(enc,                         &fromPtr, rawNameEnd,                         (ICHAR **)&toPtr, (ICHAR *)tag->bufEnd - 1);              convLen = (int)(toPtr - (XML_Char *)tag->buf); -            if (fromPtr == rawNameEnd) { +            if ((fromPtr >= rawNameEnd) || (convert_res == XML_CONVERT_INPUT_INCOMPLETE)) {                tag->name.strLen = convLen;                break;              } @@ -2462,8 +2775,10 @@ doContent(XML_Parser parser,            return XML_ERROR_NO_MEMORY;          poolFinish(&tempPool);          result = storeAtts(parser, enc, s, &name, &bindings); -        if (result) +        if (result != XML_ERROR_NONE) { +          freeBindings(parser, bindings);            return result; +        }          poolFinish(&tempPool);          if (startElementHandler) {            startElementHandler(handlerArg, name.str, (const XML_Char **)atts); 
@@ -2478,15 +2793,7 @@ doContent(XML_Parser parser,          if (noElmHandlers && defaultHandler)            reportDefault(parser, enc, s, next);          poolClear(&tempPool); -        while (bindings) { -          BINDING *b = bindings; -          if (endNamespaceDeclHandler) -            endNamespaceDeclHandler(handlerArg, b->prefix->name); -          bindings = bindings->nextTagBinding; -          b->nextTagBinding = freeBindingList; -          freeBindingList = b; -          b->prefix->binding = b->prevPrefixBinding; -        } +        freeBindings(parser, bindings);        }        if (tagLevel == 0)          return epilogProcessor(parser, next, end, nextPtr); @@ -2640,11 +2947,11 @@ doContent(XML_Parser parser,            if (MUST_CONVERT(enc, s)) {              for (;;) {                ICHAR *dataPtr = (ICHAR *)dataBuf; -              XmlConvert(enc, &s, next, &dataPtr, (ICHAR *)dataBufEnd); +              const enum XML_Convert_Result convert_res = XmlConvert(enc, &s, next, &dataPtr, (ICHAR *)dataBufEnd);                *eventEndPP = s;                charDataHandler(handlerArg, dataBuf,                                (int)(dataPtr - (ICHAR *)dataBuf)); -              if (s == next) +              if ((convert_res == XML_CONVERT_COMPLETED) || (convert_res == XML_CONVERT_INPUT_INCOMPLETE))                  break;                *eventPP = s;              } 
@@ -2684,6 +2991,29 @@ doContent(XML_Parser parser,    /* not reached */  } +/* This function does not call free() on the allocated memory, merely + * moving it to the parser's freeBindingList where it can be freed or + * reused as appropriate. + */ +static void +freeBindings(XML_Parser parser, BINDING *bindings) +{ +  while (bindings) { +    BINDING *b = bindings; + +    /* startNamespaceDeclHandler will have been called for this +     * binding in addBindings(), so call the end handler now. +     */ +    if (endNamespaceDeclHandler) +        endNamespaceDeclHandler(handlerArg, b->prefix->name); + +    bindings = bindings->nextTagBinding; +    b->nextTagBinding = freeBindingList; +    freeBindingList = b; +    b->prefix->binding = b->prevPrefixBinding; +  } +} +  /* Precondition: all arguments must be non-NULL;     Purpose:     - normalize attributes 
@@ -2908,31 +3238,41 @@ storeAtts(XML_Parser parser, const ENCODING *enc,        if (s[-1] == 2) {  /* prefixed */          ATTRIBUTE_ID *id;          const BINDING *b; -        unsigned long uriHash = hash_secret_salt; +        unsigned long uriHash; +        struct siphash sip_state; +        struct sipkey sip_key; + +        copy_salt_to_sipkey(parser, &sip_key); +        sip24_init(&sip_state, &sip_key); +          ((XML_Char *)s)[-1] = 0;  /* clear flag */          id = (ATTRIBUTE_ID *)lookup(parser, &dtd->attributeIds, s, 0); +        if (!id || !id->prefix) +          return XML_ERROR_NO_MEMORY;          b = id->prefix->binding; -        if (!b) { -          //return XML_ERROR_UNBOUND_PREFIX; -          continue; -        } +        if (!b) +          return XML_ERROR_UNBOUND_PREFIX; -        /* as we expand the name we also calculate its hash value */          for (j = 0; j < b->uriLen; j++) {            const XML_Char c = b->uri[j];            if (!poolAppendChar(&tempPool, c))              return XML_ERROR_NO_MEMORY; -          uriHash = CHAR_HASH(uriHash, c);          } + +        sip24_update(&sip_state, b->uri, b->uriLen * sizeof(XML_Char)); +          while (*s++ != XML_T(ASCII_COLON))            ; + +        sip24_update(&sip_state, s, keylen(s) * sizeof(XML_Char)); +          do {  /* copies null terminator */ -          const XML_Char c = *s;            if (!poolAppendChar(&tempPool, *s))              return XML_ERROR_NO_MEMORY; -          uriHash = CHAR_HASH(uriHash, c);          } while (*s++); +        uriHash = (unsigned long)sip24_final(&sip_state); +          { /* Check hash table for duplicate of expanded name (uriName).               Derived from code in lookup(parser, HASH_TABLE *table, ...).            */ 
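Review bot: This update removes what look like local deviations from upstream without recording it. In storeAtts the commented-out `//return XML_ERROR_UNBOUND_PREFIX;` plus `continue;` becomes a hard `return XML_ERROR_UNBOUND_PREFIX;`, and the hunks at -2993, -3089 and -3109 re-enable the unbound-prefix check on the element name and the reserved `xml`/`xmlns` prefix and namespace-URI errors in addBinding. Input with undeclared or reserved prefixes that the previous copy tolerated will now be rejected by the parser. Strict namespace enforcement is the safer default, but the commit description should say the relaxation was dropped on purpose, and a test that feeds an unbound-prefix document through the embedding parser would pin the new behaviour. storeAtts and addBinding both extend beyond these hunks.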
@@ -2993,7 +3333,7 @@ storeAtts(XML_Parser parser, const ENCODING *enc,      return XML_ERROR_NONE;    /* expand the element type name */ -  if (elementType->prefix && elementType->prefix->binding) { +  if (elementType->prefix) {      binding = elementType->prefix->binding;      if (!binding)        return XML_ERROR_UNBOUND_PREFIX; @@ -3089,10 +3429,10 @@ addBinding(XML_Parser parser, PREFIX *prefix, const ATTRIBUTE_ID *attId,        && prefix->name[2] == XML_T(ASCII_l)) {      /* Not allowed to bind xmlns */ -    /*if (prefix->name[3] == XML_T(ASCII_n) +    if (prefix->name[3] == XML_T(ASCII_n)          && prefix->name[4] == XML_T(ASCII_s)          && prefix->name[5] == XML_T('\0')) -      return XML_ERROR_RESERVED_PREFIX_XMLNS;*/ +      return XML_ERROR_RESERVED_PREFIX_XMLNS;      if (prefix->name[3] == XML_T('\0'))        mustBeXML = XML_TRUE; @@ -3109,12 +3449,12 @@ addBinding(XML_Parser parser, PREFIX *prefix, const ATTRIBUTE_ID *attId,    isXML = isXML && len == xmlLen;    isXMLNS = isXMLNS && len == xmlnsLen; -  /*if (mustBeXML != isXML) +  if (mustBeXML != isXML)      return mustBeXML ? XML_ERROR_RESERVED_PREFIX_XML -                     : XML_ERROR_RESERVED_NAMESPACE_URI;*/ +                     : XML_ERROR_RESERVED_NAMESPACE_URI; -  /*if (isXMLNS) -    return XML_ERROR_RESERVED_NAMESPACE_URI;*/ +  if (isXMLNS) +    return XML_ERROR_RESERVED_NAMESPACE_URI;    if (namespaceSeparator)      len++; 
@@ -3250,11 +3590,11 @@ doCdataSection(XML_Parser parser,            if (MUST_CONVERT(enc, s)) {              for (;;) {                ICHAR *dataPtr = (ICHAR *)dataBuf; -              XmlConvert(enc, &s, next, &dataPtr, (ICHAR *)dataBufEnd); +              const enum XML_Convert_Result convert_res = XmlConvert(enc, &s, next, &dataPtr, (ICHAR *)dataBufEnd);                *eventEndPP = next;                charDataHandler(handlerArg, dataBuf,                                (int)(dataPtr - (ICHAR *)dataBuf)); -              if (s == next) +              if ((convert_res == XML_CONVERT_COMPLETED) || (convert_res == XML_CONVERT_INPUT_INCOMPLETE))                  break;                *eventPP = s;              } @@ -3646,6 +3986,14 @@ entityValueInitProcessor(XML_Parser parser,        *nextPtr = next;        return XML_ERROR_NONE;      } +    /* If we get this token, we have the start of what might be a +       normal tag, but not a declaration (i.e. it doesn't begin with +       "<!").  In a DTD context, that isn't legal. +    */ +    else if (tok == XML_TOK_INSTANCE_START) { +      *nextPtr = next; +      return XML_ERROR_SYNTAX; +    }      start = next;      eventPtr = start;    } @@ -4822,6 +5170,8 @@ processInternalEntity(XML_Parser parser, ENTITY *entity,    openEntity->internalEventEndPtr = NULL;    textStart = (char *)entity->textPtr;    textEnd = (char *)(entity->textPtr + entity->textLen); +  /* Set a safe default value in case 'next' does not get set */ +  next = textStart;  #ifdef XML_DTD    if (entity->is_param) { @@ -4867,6 +5217,8 @@ internalEntityProcessor(XML_Parser parser,    entity = openEntity->entity;    textStart = ((char *)entity->textPtr) + entity->processed;    textEnd = (char *)(entity->textPtr + entity->textLen); +  /* Set a safe default value in case 'next' does not get set */ +  next = textStart;  #ifdef XML_DTD    if (entity->is_param) { 
@@ -4913,9 +5265,9 @@ internalEntityProcessor(XML_Parser parser,  static enum XML_Error PTRCALL  errorProcessor(XML_Parser parser, -               const char *s, -               const char *end, -               const char **nextPtr) +               const char *UNUSED_P(s), +               const char *UNUSED_P(end), +               const char **UNUSED_P(nextPtr))  {    return errorCode;  } @@ -5331,6 +5683,7 @@ reportDefault(XML_Parser parser, const ENCODING *enc,                const char *s, const char *end)  {    if (MUST_CONVERT(enc, s)) { +    enum XML_Convert_Result convert_res;      const char **eventPP;      const char **eventEndPP;      if (enc == encoding) { @@ -5343,11 +5696,11 @@ reportDefault(XML_Parser parser, const ENCODING *enc,      }      do {        ICHAR *dataPtr = (ICHAR *)dataBuf; -      XmlConvert(enc, &s, end, &dataPtr, (ICHAR *)dataBufEnd); +      convert_res = XmlConvert(enc, &s, end, &dataPtr, (ICHAR *)dataBufEnd);        *eventEndPP = s;        defaultHandler(handlerArg, dataBuf, (int)(dataPtr - (ICHAR *)dataBuf));        *eventPP = s; -    } while (s != end); +    } while ((convert_res != XML_CONVERT_COMPLETED) && (convert_res != XML_CONVERT_INPUT_INCOMPLETE));    }    else      defaultHandler(handlerArg, (XML_Char *)s, (int)((XML_Char *)end - (XML_Char *)s)); @@ -5477,6 +5830,8 @@ getAttributeId(XML_Parser parser, const ENCODING *enc,              return NULL;            id->prefix = (PREFIX *)lookup(parser, &dtd->prefixes, poolStart(&dtd->pool),                                          sizeof(PREFIX)); +          if (!id->prefix) +            return NULL;            if (id->prefix->name == poolStart(&dtd->pool))              poolFinish(&dtd->pool);            else 
@@ -5824,7 +6179,6 @@ dtdCopy(XML_Parser oldParser, DTD *newDtd, const DTD *oldDtd, const XML_Memory_H        newE->defaultAtts = (DEFAULT_ATTRIBUTE *)            ms->malloc_fcn(oldE->nDefaultAtts * sizeof(DEFAULT_ATTRIBUTE));        if (!newE->defaultAtts) { -        ms->free_fcn(newE);          return 0;        }      } @@ -5959,13 +6313,32 @@ keyeq(KEY s1, KEY s2)    return XML_FALSE;  } +static size_t +keylen(KEY s) +{ +  size_t len = 0; +  for (; *s; s++, len++); +  return len; +} + +static void +copy_salt_to_sipkey(XML_Parser parser, struct sipkey * key) +{ +  key->k[0] = 0; +  key->k[1] = get_hash_secret_salt(parser); +} +  static unsigned long FASTCALL  hash(XML_Parser parser, KEY s)  { -  unsigned long h = hash_secret_salt; -  while (*s) -    h = CHAR_HASH(h, *s++); -  return h; +  struct siphash state; +  struct sipkey key; +  (void)sip_tobin; +  (void)sip24_valid; +  copy_salt_to_sipkey(parser, &key); +  sip24_init(&state, &key); +  sip24_update(&state, s, keylen(s) * sizeof(XML_Char)); +  return (unsigned long)sip24_final(&state);  }  static NAMED * @@ -6150,8 +6523,8 @@ poolAppend(STRING_POOL *pool, const ENCODING *enc,    if (!pool->ptr && !poolGrow(pool))      return NULL;    for (;;) { -    XmlConvert(enc, &ptr, end, (ICHAR **)&(pool->ptr), (ICHAR *)pool->end); -    if (ptr == end) +    const enum XML_Convert_Result convert_res = XmlConvert(enc, &ptr, end, (ICHAR **)&(pool->ptr), (ICHAR *)pool->end); +    if ((convert_res == XML_CONVERT_COMPLETED) || (convert_res == XML_CONVERT_INPUT_INCOMPLETE))        break;      if (!poolGrow(pool))        return NULL; 
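Review bot: In the hunk at -5959, `copy_salt_to_sipkey` sets `key->k[0] = 0` and places the salt only in `key->k[1]`, so at most half of the SipHash key carries secret material, and less than that wherever the salt is as narrow as the `unsigned long` accepted by XML_SetHashSalt. That bounds the hash-flooding resistance the move to SipHash is meant to provide, and it should be stated next to the function, e.g. `/* NOTE: only k[1] is secret; effective key strength is limited by the width of the salt */`. The `(void)sip_tobin; (void)sip24_valid;` statements in `hash` would also benefit from a one-line comment saying they only silence unused-function warnings, if that is their purpose. `keylen` ends its `for` with a bare `;`, which is easy to misread; an explicit empty body `{ }` or a `while (*s++) len++;` form would be clearer.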
@@ -6208,6 +6581,35 @@ poolStoreString(STRING_POOL *pool, const ENCODING *enc,    return pool->start;  } +static size_t +poolBytesToAllocateFor(int blockSize) +{ +  /* Unprotected math would be: +  ** return offsetof(BLOCK, s) + blockSize * sizeof(XML_Char); +  ** +  ** Detect overflow, avoiding _signed_ overflow undefined behavior +  ** For a + b * c we check b * c in isolation first, so that addition of a +  ** on top has no chance of making us accept a small non-negative number +  */ +  const size_t stretch = sizeof(XML_Char);  /* can be 4 bytes */ + +  if (blockSize <= 0) +    return 0; + +  if (blockSize > (int)(INT_MAX / stretch)) +    return 0; + +  { +    const int stretchedBlockSize = blockSize * (int)stretch; +    const int bytesToAllocate = (int)( +        offsetof(BLOCK, s) + (unsigned)stretchedBlockSize); +    if (bytesToAllocate < 0) +      return 0; + +    return (size_t)bytesToAllocate; +  } +} +  static XML_Bool FASTCALL  poolGrow(STRING_POOL *pool)  { @@ -6235,11 +6637,19 @@ poolGrow(STRING_POOL *pool)      }    }    if (pool->blocks && pool->start == pool->blocks->s) { -    int blockSize = (int)(pool->end - pool->start)*2; -    BLOCK *temp = (BLOCK *) -      pool->mem->realloc_fcn(pool->blocks, -                             (offsetof(BLOCK, s) -                              + blockSize * sizeof(XML_Char))); +    BLOCK *temp; +    int blockSize = (int)((unsigned)(pool->end - pool->start)*2U); +    size_t bytesToAllocate; + +    if (blockSize < 0) +      return XML_FALSE; + +    bytesToAllocate = poolBytesToAllocateFor(blockSize); +    if (bytesToAllocate == 0) +      return XML_FALSE; + +    temp = (BLOCK *) +      pool->mem->realloc_fcn(pool->blocks, (unsigned)bytesToAllocate);      if (temp == NULL)        return XML_FALSE;      pool->blocks = temp; 
@@ -6251,12 +6661,26 @@ poolGrow(STRING_POOL *pool)    else {      BLOCK *tem;      int blockSize = (int)(pool->end - pool->start); +    size_t bytesToAllocate; + +    if (blockSize < 0) +      return XML_FALSE; +      if (blockSize < INIT_BLOCK_SIZE)        blockSize = INIT_BLOCK_SIZE; -    else +    else { +      /* Detect overflow, avoiding _signed_ overflow undefined behavior */ +      if ((int)((unsigned)blockSize * 2U) < 0) { +        return XML_FALSE; +      }        blockSize *= 2; -    tem = (BLOCK *)pool->mem->malloc_fcn(offsetof(BLOCK, s) -                                        + blockSize * sizeof(XML_Char)); +    } + +    bytesToAllocate = poolBytesToAllocateFor(blockSize); +    if (bytesToAllocate == 0) +      return XML_FALSE; + +    tem = (BLOCK *)pool->mem->malloc_fcn(bytesToAllocate);      if (!tem)        return XML_FALSE;      tem->size = blockSize; diff --git a/3rdParty/Expat/src/xmlrole.c b/3rdParty/Expat/src/xmlrole.c index 44772e2..a7c5630 100644 --- a/3rdParty/Expat/src/xmlrole.c +++ b/3rdParty/Expat/src/xmlrole.c @@ -4,19 +4,13 @@  #include <stddef.h> -#ifdef COMPILED_FROM_DSP +#ifdef _WIN32  #include "winconfig.h" -#elif defined(MACOS_CLASSIC) -#include "macconfig.h" -#elif defined(__amigaos__) -#include "amigaconfig.h" -#elif defined(__WATCOMC__) -#include "watcomconfig.h"  #else  #ifdef HAVE_EXPAT_CONFIG_H  #include <expat_config.h>  #endif -#endif /* ndef COMPILED_FROM_DSP */ +#endif /* ndef _WIN32 */  #include "expat_external.h"  #include "internal.h" @@ -195,9 +189,9 @@ prolog1(PROLOG_STATE *state,  static int PTRCALL  prolog2(PROLOG_STATE *state,          int tok, -        const char *ptr, -        const char *end, -        const ENCODING *enc) +        const char *UNUSED_P(ptr), +        const char *UNUSED_P(end), +        const ENCODING *UNUSED_P(enc))  {    switch (tok) {    case XML_TOK_PROLOG_S: 
@@ -216,9 +210,9 @@ prolog2(PROLOG_STATE *state,  static int PTRCALL  doctype0(PROLOG_STATE *state,           int tok, -         const char *ptr, -         const char *end, -         const ENCODING *enc) +         const char *UNUSED_P(ptr), +         const char *UNUSED_P(end), +         const ENCODING *UNUSED_P(enc))  {    switch (tok) {    case XML_TOK_PROLOG_S: @@ -264,9 +258,9 @@ doctype1(PROLOG_STATE *state,  static int PTRCALL  doctype2(PROLOG_STATE *state,           int tok, -         const char *ptr, -         const char *end, -         const ENCODING *enc) +         const char *UNUSED_P(ptr), +         const char *UNUSED_P(end), +         const ENCODING *UNUSED_P(enc))  {    switch (tok) {    case XML_TOK_PROLOG_S: @@ -281,9 +275,9 @@ doctype2(PROLOG_STATE *state,  static int PTRCALL  doctype3(PROLOG_STATE *state,           int tok, -         const char *ptr, -         const char *end, -         const ENCODING *enc) +         const char *UNUSED_P(ptr), +         const char *UNUSED_P(end), +         const ENCODING *UNUSED_P(enc))  {    switch (tok) {    case XML_TOK_PROLOG_S: @@ -298,9 +292,9 @@ doctype3(PROLOG_STATE *state,  static int PTRCALL  doctype4(PROLOG_STATE *state,           int tok, -         const char *ptr, -         const char *end, -         const ENCODING *enc) +         const char *UNUSED_P(ptr), +         const char *UNUSED_P(end), +         const ENCODING *UNUSED_P(enc))  {    switch (tok) {    case XML_TOK_PROLOG_S: @@ -318,9 +312,9 @@ doctype4(PROLOG_STATE *state,  static int PTRCALL  doctype5(PROLOG_STATE *state,           int tok, -         const char *ptr, -         const char *end, -         const ENCODING *enc) +         const char *UNUSED_P(ptr), +         const char *UNUSED_P(end), +         const ENCODING *UNUSED_P(enc))  {    switch (tok) {    case XML_TOK_PROLOG_S: 
@@ -437,9 +431,9 @@ externalSubset1(PROLOG_STATE *state,  static int PTRCALL  entity0(PROLOG_STATE *state,          int tok, -        const char *ptr, -        const char *end, -        const ENCODING *enc) +        const char *UNUSED_P(ptr), +        const char *UNUSED_P(end), +        const ENCODING *UNUSED_P(enc))  {    switch (tok) {    case XML_TOK_PROLOG_S: @@ -457,9 +451,9 @@ entity0(PROLOG_STATE *state,  static int PTRCALL  entity1(PROLOG_STATE *state,          int tok, -        const char *ptr, -        const char *end, -        const ENCODING *enc) +        const char *UNUSED_P(ptr), +        const char *UNUSED_P(end), +        const ENCODING *UNUSED_P(enc))  {    switch (tok) {    case XML_TOK_PROLOG_S: @@ -502,9 +496,9 @@ entity2(PROLOG_STATE *state,  static int PTRCALL  entity3(PROLOG_STATE *state,          int tok, -        const char *ptr, -        const char *end, -        const ENCODING *enc) +        const char *UNUSED_P(ptr), +        const char *UNUSED_P(end), +        const ENCODING *UNUSED_P(enc))  {    switch (tok) {    case XML_TOK_PROLOG_S: @@ -519,9 +513,9 @@ entity3(PROLOG_STATE *state,  static int PTRCALL  entity4(PROLOG_STATE *state,          int tok, -        const char *ptr, -        const char *end, -        const ENCODING *enc) +        const char *UNUSED_P(ptr), +        const char *UNUSED_P(end), +        const ENCODING *UNUSED_P(enc))  {    switch (tok) {    case XML_TOK_PROLOG_S: @@ -559,9 +553,9 @@ entity5(PROLOG_STATE *state,  static int PTRCALL  entity6(PROLOG_STATE *state,          int tok, -        const char *ptr, -        const char *end, -        const ENCODING *enc) +        const char *UNUSED_P(ptr), +        const char *UNUSED_P(end), +        const ENCODING *UNUSED_P(enc))  {    switch (tok) {    case XML_TOK_PROLOG_S: 
@@ -605,9 +599,9 @@ entity7(PROLOG_STATE *state,  static int PTRCALL  entity8(PROLOG_STATE *state,          int tok, -        const char *ptr, -        const char *end, -        const ENCODING *enc) +        const char *UNUSED_P(ptr), +        const char *UNUSED_P(end), +        const ENCODING *UNUSED_P(enc))  {    switch (tok) {    case XML_TOK_PROLOG_S: @@ -622,9 +616,9 @@ entity8(PROLOG_STATE *state,  static int PTRCALL  entity9(PROLOG_STATE *state,          int tok, -        const char *ptr, -        const char *end, -        const ENCODING *enc) +        const char *UNUSED_P(ptr), +        const char *UNUSED_P(end), +        const ENCODING *UNUSED_P(enc))  {    switch (tok) {    case XML_TOK_PROLOG_S: @@ -639,9 +633,9 @@ entity9(PROLOG_STATE *state,  static int PTRCALL  entity10(PROLOG_STATE *state,           int tok, -         const char *ptr, -         const char *end, -         const ENCODING *enc) +         const char *UNUSED_P(ptr), +         const char *UNUSED_P(end), +         const ENCODING *UNUSED_P(enc))  {    switch (tok) {    case XML_TOK_PROLOG_S: @@ -656,9 +650,9 @@ entity10(PROLOG_STATE *state,  static int PTRCALL  notation0(PROLOG_STATE *state,            int tok, -          const char *ptr, -          const char *end, -          const ENCODING *enc) +          const char *UNUSED_P(ptr), +          const char *UNUSED_P(end), +          const ENCODING *UNUSED_P(enc))  {    switch (tok) {    case XML_TOK_PROLOG_S: @@ -697,9 +691,9 @@ notation1(PROLOG_STATE *state,  static int PTRCALL  notation2(PROLOG_STATE *state,            int tok, -          const char *ptr, -          const char *end, -          const ENCODING *enc) +          const char *UNUSED_P(ptr), +          const char *UNUSED_P(end), +          const ENCODING *UNUSED_P(enc))  {    switch (tok) {    case XML_TOK_PROLOG_S: 
@@ -714,9 +708,9 @@ notation2(PROLOG_STATE *state,  static int PTRCALL  notation3(PROLOG_STATE *state,            int tok, -          const char *ptr, -          const char *end, -          const ENCODING *enc) +          const char *UNUSED_P(ptr), +          const char *UNUSED_P(end), +          const ENCODING *UNUSED_P(enc))  {    switch (tok) {    case XML_TOK_PROLOG_S: @@ -732,9 +726,9 @@ notation3(PROLOG_STATE *state,  static int PTRCALL  notation4(PROLOG_STATE *state,            int tok, -          const char *ptr, -          const char *end, -          const ENCODING *enc) +          const char *UNUSED_P(ptr), +          const char *UNUSED_P(end), +          const ENCODING *UNUSED_P(enc))  {    switch (tok) {    case XML_TOK_PROLOG_S: @@ -753,9 +747,9 @@ notation4(PROLOG_STATE *state,  static int PTRCALL  attlist0(PROLOG_STATE *state,           int tok, -         const char *ptr, -         const char *end, -         const ENCODING *enc) +         const char *UNUSED_P(ptr), +         const char *UNUSED_P(end), +         const ENCODING *UNUSED_P(enc))  {    switch (tok) {    case XML_TOK_PROLOG_S: @@ -771,9 +765,9 @@ attlist0(PROLOG_STATE *state,  static int PTRCALL  attlist1(PROLOG_STATE *state,           int tok, -         const char *ptr, -         const char *end, -         const ENCODING *enc) +         const char *UNUSED_P(ptr), +         const char *UNUSED_P(end), +         const ENCODING *UNUSED_P(enc))  {    switch (tok) {    case XML_TOK_PROLOG_S: @@ -833,9 +827,9 @@ attlist2(PROLOG_STATE *state,  static int PTRCALL  attlist3(PROLOG_STATE *state,           int tok, -         const char *ptr, -         const char *end, -         const ENCODING *enc) +         const char *UNUSED_P(ptr), +         const char *UNUSED_P(end), +         const ENCODING *UNUSED_P(enc))  {    switch (tok) {    case XML_TOK_PROLOG_S: 
@@ -852,9 +846,9 @@ attlist3(PROLOG_STATE *state,  static int PTRCALL  attlist4(PROLOG_STATE *state,           int tok, -         const char *ptr, -         const char *end, -         const ENCODING *enc) +         const char *UNUSED_P(ptr), +         const char *UNUSED_P(end), +         const ENCODING *UNUSED_P(enc))  {    switch (tok) {    case XML_TOK_PROLOG_S: @@ -872,9 +866,9 @@ attlist4(PROLOG_STATE *state,  static int PTRCALL  attlist5(PROLOG_STATE *state,           int tok, -         const char *ptr, -         const char *end, -         const ENCODING *enc) +         const char *UNUSED_P(ptr), +         const char *UNUSED_P(end), +         const ENCODING *UNUSED_P(enc))  {    switch (tok) {    case XML_TOK_PROLOG_S: @@ -889,9 +883,9 @@ attlist5(PROLOG_STATE *state,  static int PTRCALL  attlist6(PROLOG_STATE *state,           int tok, -         const char *ptr, -         const char *end, -         const ENCODING *enc) +         const char *UNUSED_P(ptr), +         const char *UNUSED_P(end), +         const ENCODING *UNUSED_P(enc))  {    switch (tok) {    case XML_TOK_PROLOG_S: @@ -906,9 +900,9 @@ attlist6(PROLOG_STATE *state,  static int PTRCALL  attlist7(PROLOG_STATE *state,           int tok, -         const char *ptr, -         const char *end, -         const ENCODING *enc) +         const char *UNUSED_P(ptr), +         const char *UNUSED_P(end), +         const ENCODING *UNUSED_P(enc))  {    switch (tok) {    case XML_TOK_PROLOG_S: @@ -967,9 +961,9 @@ attlist8(PROLOG_STATE *state,  static int PTRCALL  attlist9(PROLOG_STATE *state,           int tok, -         const char *ptr, -         const char *end, -         const ENCODING *enc) +         const char *UNUSED_P(ptr), +         const char *UNUSED_P(end), +         const ENCODING *UNUSED_P(enc))  {    switch (tok) {    case XML_TOK_PROLOG_S: 
@@ -984,9 +978,9 @@ attlist9(PROLOG_STATE *state,  static int PTRCALL  element0(PROLOG_STATE *state,           int tok, -         const char *ptr, -         const char *end, -         const ENCODING *enc) +         const char *UNUSED_P(ptr), +         const char *UNUSED_P(end), +         const ENCODING *UNUSED_P(enc))  {    switch (tok) {    case XML_TOK_PROLOG_S: @@ -1072,9 +1066,9 @@ element2(PROLOG_STATE *state,  static int PTRCALL  element3(PROLOG_STATE *state,           int tok, -         const char *ptr, -         const char *end, -         const ENCODING *enc) +         const char *UNUSED_P(ptr), +         const char *UNUSED_P(end), +         const ENCODING *UNUSED_P(enc))  {    switch (tok) {    case XML_TOK_PROLOG_S: @@ -1097,9 +1091,9 @@ element3(PROLOG_STATE *state,  static int PTRCALL  element4(PROLOG_STATE *state,           int tok, -         const char *ptr, -         const char *end, -         const ENCODING *enc) +         const char *UNUSED_P(ptr), +         const char *UNUSED_P(end), +         const ENCODING *UNUSED_P(enc))  {    switch (tok) {    case XML_TOK_PROLOG_S: @@ -1115,9 +1109,9 @@ element4(PROLOG_STATE *state,  static int PTRCALL  element5(PROLOG_STATE *state,           int tok, -         const char *ptr, -         const char *end, -         const ENCODING *enc) +         const char *UNUSED_P(ptr), +         const char *UNUSED_P(end), +         const ENCODING *UNUSED_P(enc))  {    switch (tok) {    case XML_TOK_PROLOG_S: @@ -1136,9 +1130,9 @@ element5(PROLOG_STATE *state,  static int PTRCALL  element6(PROLOG_STATE *state,           int tok, -         const char *ptr, -         const char *end, -         const ENCODING *enc) +         const char *UNUSED_P(ptr), +         const char *UNUSED_P(end), +         const ENCODING *UNUSED_P(enc))  {    switch (tok) {    case XML_TOK_PROLOG_S: 
@@ -1166,9 +1160,9 @@ element6(PROLOG_STATE *state,  static int PTRCALL  element7(PROLOG_STATE *state,           int tok, -         const char *ptr, -         const char *end, -         const ENCODING *enc) +         const char *UNUSED_P(ptr), +         const char *UNUSED_P(end), +         const ENCODING *UNUSED_P(enc))  {    switch (tok) {    case XML_TOK_PROLOG_S: @@ -1240,9 +1234,9 @@ condSect0(PROLOG_STATE *state,  static int PTRCALL  condSect1(PROLOG_STATE *state,            int tok, -          const char *ptr, -          const char *end, -          const ENCODING *enc) +          const char *UNUSED_P(ptr), +          const char *UNUSED_P(end), +          const ENCODING *UNUSED_P(enc))  {    switch (tok) {    case XML_TOK_PROLOG_S: @@ -1258,9 +1252,9 @@ condSect1(PROLOG_STATE *state,  static int PTRCALL  condSect2(PROLOG_STATE *state,            int tok, -          const char *ptr, -          const char *end, -          const ENCODING *enc) +          const char *UNUSED_P(ptr), +          const char *UNUSED_P(end), +          const ENCODING *UNUSED_P(enc))  {    switch (tok) {    case XML_TOK_PROLOG_S: @@ -1277,9 +1271,9 @@ condSect2(PROLOG_STATE *state,  static int PTRCALL  declClose(PROLOG_STATE *state,            int tok, -          const char *ptr, -          const char *end, -          const ENCODING *enc) +          const char *UNUSED_P(ptr), +          const char *UNUSED_P(end), +          const ENCODING *UNUSED_P(enc))  {    switch (tok) {    case XML_TOK_PROLOG_S: @@ -1292,11 +1286,11 @@ declClose(PROLOG_STATE *state,  }  static int PTRCALL -error(PROLOG_STATE *state, -      int tok, -      const char *ptr, -      const char *end, -      const ENCODING *enc) +error(PROLOG_STATE *UNUSED_P(state), +      int UNUSED_P(tok), +      const char *UNUSED_P(ptr), +      const char *UNUSED_P(end), +      const ENCODING *UNUSED_P(enc))  {    return XML_ROLE_NONE;  } 
diff --git a/3rdParty/Expat/src/xmltok.c b/3rdParty/Expat/src/xmltok.c index bf09dfc..cdf0720 100644 --- a/3rdParty/Expat/src/xmltok.c +++ b/3rdParty/Expat/src/xmltok.c @@ -4,19 +4,13 @@  #include <stddef.h> -#ifdef COMPILED_FROM_DSP +#ifdef _WIN32  #include "winconfig.h" -#elif defined(MACOS_CLASSIC) -#include "macconfig.h" -#elif defined(__amigaos__) -#include "amigaconfig.h" -#elif defined(__WATCOMC__) -#include "watcomconfig.h"  #else  #ifdef HAVE_EXPAT_CONFIG_H  #include <expat_config.h>  #endif -#endif /* ndef COMPILED_FROM_DSP */ +#endif /* ndef _WIN32 */  #include "expat_external.h"  #include "internal.h" @@ -46,7 +40,7 @@  #define VTABLE VTABLE1, PREFIX(toUtf8), PREFIX(toUtf16)  #define UCS2_GET_NAMING(pages, hi, lo) \ -   (namingBitmap[(pages[hi] << 3) + ((lo) >> 5)] & (1 << ((lo) & 0x1F))) +   (namingBitmap[(pages[hi] << 3) + ((lo) >> 5)] & (1u << ((lo) & 0x1F)))  /* A 2 byte UTF-8 representation splits the characters 11 bits between     the bottom 5 and 6 bits of the bytes.  We need 8 bits to index into @@ -56,7 +50,7 @@      (namingBitmap[((pages)[(((byte)[0]) >> 2) & 7] << 3) \                        + ((((byte)[0]) & 3) << 1) \                        + ((((byte)[1]) >> 5) & 1)] \ -         & (1 << (((byte)[1]) & 0x1F))) +         & (1u << (((byte)[1]) & 0x1F)))  /* A 3 byte UTF-8 representation splits the characters 16 bits between     the bottom 4, 6 and 6 bits of the bytes.  We need 8 bits to index @@ -69,7 +63,7 @@                         << 3) \                        + ((((byte)[1]) & 3) << 1) \                        + ((((byte)[2]) >> 5) & 1)] \ -         & (1 << (((byte)[2]) & 0x1F))) +         & (1u << (((byte)[2]) & 0x1F)))  #define UTF8_GET_NAMING(pages, p, n) \    ((n) == 2 \ 
@@ -122,19 +116,19 @@      ((*p) == 0xF4 ? (p)[1] > 0x8F : ((p)[1] & 0xC0) == 0xC0)))  static int PTRFASTCALL -isNever(const ENCODING *enc, const char *p) +isNever(const ENCODING *UNUSED_P(enc), const char *UNUSED_P(p))  {    return 0;  }  static int PTRFASTCALL -utf8_isName2(const ENCODING *enc, const char *p) +utf8_isName2(const ENCODING *UNUSED_P(enc), const char *p)  {    return UTF8_GET_NAMING2(namePages, (const unsigned char *)p);  }  static int PTRFASTCALL -utf8_isName3(const ENCODING *enc, const char *p) +utf8_isName3(const ENCODING *UNUSED_P(enc), const char *p)  {    return UTF8_GET_NAMING3(namePages, (const unsigned char *)p);  } @@ -142,13 +136,13 @@ utf8_isName3(const ENCODING *enc, const char *p)  #define utf8_isName4 isNever  static int PTRFASTCALL -utf8_isNmstrt2(const ENCODING *enc, const char *p) +utf8_isNmstrt2(const ENCODING *UNUSED_P(enc), const char *p)  {    return UTF8_GET_NAMING2(nmstrtPages, (const unsigned char *)p);  }  static int PTRFASTCALL -utf8_isNmstrt3(const ENCODING *enc, const char *p) +utf8_isNmstrt3(const ENCODING *UNUSED_P(enc), const char *p)  {    return UTF8_GET_NAMING3(nmstrtPages, (const unsigned char *)p);  } @@ -156,19 +150,19 @@ utf8_isNmstrt3(const ENCODING *enc, const char *p)  #define utf8_isNmstrt4 isNever  static int PTRFASTCALL -utf8_isInvalid2(const ENCODING *enc, const char *p) +utf8_isInvalid2(const ENCODING *UNUSED_P(enc), const char *p)  {    return UTF8_INVALID2((const unsigned char *)p);  }  static int PTRFASTCALL -utf8_isInvalid3(const ENCODING *enc, const char *p) +utf8_isInvalid3(const ENCODING *UNUSED_P(enc), const char *p)  {    return UTF8_INVALID3((const unsigned char *)p);  }  static int PTRFASTCALL -utf8_isInvalid4(const ENCODING *enc, const char *p) +utf8_isInvalid4(const ENCODING *UNUSED_P(enc), const char *p)  {    return UTF8_INVALID4((const unsigned char *)p);  } 
@@ -222,6 +216,17 @@ struct normal_encoding {   E ## isInvalid3, \   E ## isInvalid4 +#define NULL_VTABLE \ + /* isName2 */ NULL, \ + /* isName3 */ NULL, \ + /* isName4 */ NULL, \ + /* isNmstrt2 */ NULL, \ + /* isNmstrt3 */ NULL, \ + /* isNmstrt4 */ NULL, \ + /* isInvalid2 */ NULL, \ + /* isInvalid3 */ NULL, \ + /* isInvalid4 */ NULL +  static int FASTCALL checkCharRefNumber(int);  #include "xmltok_impl.h" 
@@ -318,39 +323,89 @@ enum {  /* UTF8_cvalN is value of masked first byte of N byte sequence */    UTF8_cval4 = 0xf0  }; -static void PTRCALL -utf8_toUtf8(const ENCODING *enc, +void +align_limit_to_full_utf8_characters(const char * from, const char ** fromLimRef) +{ +  const char * fromLim = *fromLimRef; +  size_t walked = 0; +  for (; fromLim > from; fromLim--, walked++) { +    const unsigned char prev = (unsigned char)fromLim[-1]; +    if ((prev & 0xf8u) == 0xf0u) { /* 4-byte character, lead by 0b11110xxx byte */ +      if (walked + 1 >= 4) { +        fromLim += 4 - 1; +        break; +      } else { +        walked = 0; +      } +    } else if ((prev & 0xf0u) == 0xe0u) { /* 3-byte character, lead by 0b1110xxxx byte */ +      if (walked + 1 >= 3) { +        fromLim += 3 - 1; +        break; +      } else { +        walked = 0; +      } +    } else if ((prev & 0xe0u) == 0xc0u) { /* 2-byte character, lead by 0b110xxxxx byte */ +      if (walked + 1 >= 2) { +        fromLim += 2 - 1; +        break; +      } else { +        walked = 0; +      } +    } else if ((prev & 0x80u) == 0x00u) { /* 1-byte character, matching 0b0xxxxxxx */ +      break; +    } +  } +  *fromLimRef = fromLim; +} + +static enum XML_Convert_Result PTRCALL +utf8_toUtf8(const ENCODING *UNUSED_P(enc),              const char **fromP, const char *fromLim,              char **toP, const char *toLim)  {    char *to;    const char *from; -  if (fromLim - *fromP > toLim - *toP) { -    /* Avoid copying partial characters. */ -    for (fromLim = *fromP + (toLim - *toP); fromLim > *fromP; fromLim--) -      if (((unsigned char)fromLim[-1] & 0xc0) != 0x80) -        break; -  } -  for (to = *toP, from = *fromP; from != fromLim; from++, to++) +  const char *fromLimInitial = fromLim; + +  /* Avoid copying partial characters. 
*/ +  align_limit_to_full_utf8_characters(*fromP, &fromLim); + +  for (to = *toP, from = *fromP; (from < fromLim) && (to < toLim); from++, to++)      *to = *from;    *fromP = from;    *toP = to; + +  if (fromLim < fromLimInitial) +    return XML_CONVERT_INPUT_INCOMPLETE; +  else if ((to == toLim) && (from < fromLim)) +    return XML_CONVERT_OUTPUT_EXHAUSTED; +  else +    return XML_CONVERT_COMPLETED;  } -static void PTRCALL +static enum XML_Convert_Result PTRCALL  utf8_toUtf16(const ENCODING *enc,               const char **fromP, const char *fromLim,               unsigned short **toP, const unsigned short *toLim)  { +  enum XML_Convert_Result res = XML_CONVERT_COMPLETED;    unsigned short *to = *toP;    const char *from = *fromP; -  while (from != fromLim && to != toLim) { +  while (from < fromLim && to < toLim) {      switch (((struct normal_encoding *)enc)->type[(unsigned char)*from]) {      case BT_LEAD2: +      if (fromLim - from < 2) { +        res = XML_CONVERT_INPUT_INCOMPLETE; +        goto after; +      }        *to++ = (unsigned short)(((from[0] & 0x1f) << 6) | (from[1] & 0x3f));        from += 2;        break;      case BT_LEAD3: +      if (fromLim - from < 3) { +        res = XML_CONVERT_INPUT_INCOMPLETE; +        goto after; +      }        *to++ = (unsigned short)(((from[0] & 0xf) << 12)                                 | ((from[1] & 0x3f) << 6) | (from[2] & 0x3f));        from += 3; @@ -358,8 +413,14 @@ utf8_toUtf16(const ENCODING *enc,      case BT_LEAD4:        {          unsigned long n; -        if (to + 1 == toLim) +        if (toLim - to < 2) { +          res = XML_CONVERT_OUTPUT_EXHAUSTED; +          goto after; +        } +        if (fromLim - from < 4) { +          res = XML_CONVERT_INPUT_INCOMPLETE;            goto after; +        }          n = ((from[0] & 0x7) << 18) | ((from[1] & 0x3f) << 12)              | ((from[2] & 0x3f) << 6) | (from[3] & 0x3f);          n -= 0x10000; 
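Review bot: utf8_toUtf8 can now stop in the middle of a multi-byte character when the output buffer is the shorter side. The removed code first clamped `fromLim` to `*fromP + (toLim - *toP)` and only then backed up to a character boundary. The new code trims the original `fromLim` and lets the copy loop end on `to < toLim`, so `*fromP` and `*toP` can be left between a lead byte and its continuation bytes and the caller receives a truncated sequence. Clamping the input limit to the output capacity before calling align_limit_to_full_utf8_characters, and deriving the result code from which of the two steps shortened the limit, restores the old guarantee.

```c
  const char *from;
  int output_exhausted = 0;
  int input_incomplete = 0;
  const char *fromLimBefore;

  /* Never take more input than the output buffer can hold. */
  if (fromLim - *fromP > toLim - *toP) {
    fromLim = *fromP + (toLim - *toP);
    output_exhausted = 1;
  }

  /* Then back up to a character boundary, so a clamp that landed
     inside a sequence does not split it. */
  fromLimBefore = fromLim;
  align_limit_to_full_utf8_characters(*fromP, &fromLim);
  if (fromLim < fromLimBefore)
    input_incomplete = 1;

  for (to = *toP, from = *fromP; from < fromLim; from++, to++)
    *to = *from;
  /* … unchanged: write back *fromP and *toP … */

  if (output_exhausted)
    return XML_CONVERT_OUTPUT_EXHAUSTED;
  else if (input_incomplete)
    return XML_CONVERT_INPUT_INCOMPLETE;
  else
    return XML_CONVERT_COMPLETED;
```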
@@ -374,9 +435,12 @@ utf8_toUtf16(const ENCODING *enc,        break;      }    } +  if (from < fromLim) +    res = XML_CONVERT_OUTPUT_EXHAUSTED;  after:    *fromP = from;    *toP = to; +  return res;  }  #ifdef XML_NS @@ -425,38 +489,43 @@ static const struct normal_encoding internal_utf8_encoding = {    STANDARD_VTABLE(sb_) NORMAL_VTABLE(utf8_)  }; -static void PTRCALL -latin1_toUtf8(const ENCODING *enc, +static enum XML_Convert_Result PTRCALL +latin1_toUtf8(const ENCODING *UNUSED_P(enc),                const char **fromP, const char *fromLim,                char **toP, const char *toLim)  {    for (;;) {      unsigned char c;      if (*fromP == fromLim) -      break; +      return XML_CONVERT_COMPLETED;      c = (unsigned char)**fromP;      if (c & 0x80) {        if (toLim - *toP < 2) -        break; +        return XML_CONVERT_OUTPUT_EXHAUSTED;        *(*toP)++ = (char)((c >> 6) | UTF8_cval2);        *(*toP)++ = (char)((c & 0x3f) | 0x80);        (*fromP)++;      }      else {        if (*toP == toLim) -        break; +        return XML_CONVERT_OUTPUT_EXHAUSTED;        *(*toP)++ = *(*fromP)++;      }    }  } -static void PTRCALL -latin1_toUtf16(const ENCODING *enc, +static enum XML_Convert_Result PTRCALL +latin1_toUtf16(const ENCODING *UNUSED_P(enc),                 const char **fromP, const char *fromLim,                 unsigned short **toP, const unsigned short *toLim)  { -  while (*fromP != fromLim && *toP != toLim) +  while (*fromP < fromLim && *toP < toLim)      *(*toP)++ = (unsigned char)*(*fromP)++; + +  if ((*toP == toLim) && (*fromP < fromLim)) +    return XML_CONVERT_OUTPUT_EXHAUSTED; +  else +    return XML_CONVERT_COMPLETED;  }  #ifdef XML_NS @@ -467,7 +536,7 @@ static const struct normal_encoding latin1_encoding_ns = {  #include "asciitab.h"  #include "latin1tab.h"    }, -  STANDARD_VTABLE(sb_) +  STANDARD_VTABLE(sb_) NULL_VTABLE  };  #endif 
@@ -480,16 +549,21 @@ static const struct normal_encoding latin1_encoding = {  #undef BT_COLON  #include "latin1tab.h"    }, -  STANDARD_VTABLE(sb_) +  STANDARD_VTABLE(sb_) NULL_VTABLE  }; -static void PTRCALL -ascii_toUtf8(const ENCODING *enc, +static enum XML_Convert_Result PTRCALL +ascii_toUtf8(const ENCODING *UNUSED_P(enc),               const char **fromP, const char *fromLim,               char **toP, const char *toLim)  { -  while (*fromP != fromLim && *toP != toLim) +  while (*fromP < fromLim && *toP < toLim)      *(*toP)++ = *(*fromP)++; + +  if ((*toP == toLim) && (*fromP < fromLim)) +    return XML_CONVERT_OUTPUT_EXHAUSTED; +  else +    return XML_CONVERT_COMPLETED;  }  #ifdef XML_NS @@ -500,7 +574,7 @@ static const struct normal_encoding ascii_encoding_ns = {  #include "asciitab.h"  /* BT_NONXML == 0 */    }, -  STANDARD_VTABLE(sb_) +  STANDARD_VTABLE(sb_) NULL_VTABLE  };  #endif @@ -513,7 +587,7 @@ static const struct normal_encoding ascii_encoding = {  #undef BT_COLON  /* BT_NONXML == 0 */    }, -  STANDARD_VTABLE(sb_) +  STANDARD_VTABLE(sb_) NULL_VTABLE  };  static int PTRFASTCALL @@ -536,13 +610,14 @@ unicode_byte_type(char hi, char lo)  }  #define DEFINE_UTF16_TO_UTF8(E) \ -static void  PTRCALL \ -E ## toUtf8(const ENCODING *enc, \ +static enum XML_Convert_Result  PTRCALL \ +E ## toUtf8(const ENCODING *UNUSED_P(enc), \              const char **fromP, const char *fromLim, \              char **toP, const char *toLim) \  { \ -  const char *from; \ -  for (from = *fromP; from != fromLim; from += 2) { \ +  const char *from = *fromP; \ +  fromLim = from + (((fromLim - from) >> 1) << 1);  /* shrink to even */ \ +  for (; from < fromLim; from += 2) { \      int plane; \      unsigned char lo2; \      unsigned char lo = GET_LO(from); \ 
@@ -552,7 +627,7 @@ E ## toUtf8(const ENCODING *enc, \        if (lo < 0x80) { \          if (*toP == toLim) { \            *fromP = from; \ -          return; \ +          return XML_CONVERT_OUTPUT_EXHAUSTED; \          } \          *(*toP)++ = lo; \          break; \ @@ -562,7 +637,7 @@ E ## toUtf8(const ENCODING *enc, \      case 0x4: case 0x5: case 0x6: case 0x7: \        if (toLim -  *toP < 2) { \          *fromP = from; \ -        return; \ +        return XML_CONVERT_OUTPUT_EXHAUSTED; \        } \        *(*toP)++ = ((lo >> 6) | (hi << 2) |  UTF8_cval2); \        *(*toP)++ = ((lo & 0x3f) | 0x80); \ @@ -570,7 +645,7 @@ E ## toUtf8(const ENCODING *enc, \      default: \        if (toLim -  *toP < 3)  { \          *fromP = from; \ -        return; \ +        return XML_CONVERT_OUTPUT_EXHAUSTED; \        } \        /* 16 bits divided 4, 6, 6 amongst 3 bytes */ \        *(*toP)++ = ((hi >> 4) | UTF8_cval3); \ @@ -580,7 +655,11 @@ E ## toUtf8(const ENCODING *enc, \      case 0xD8: case 0xD9: case 0xDA: case 0xDB: \        if (toLim -  *toP < 4) { \          *fromP = from; \ -        return; \ +        return XML_CONVERT_OUTPUT_EXHAUSTED; \ +      } \ +      if (fromLim - from < 4) { \ +        *fromP = from; \ +        return XML_CONVERT_INPUT_INCOMPLETE; \        } \        plane = (((hi & 0x3) << 2) | ((lo >> 6) & 0x3)) + 1; \        *(*toP)++ = ((plane >> 2) | UTF8_cval4); \ 
@@ -596,20 +675,32 @@ E ## toUtf8(const ENCODING *enc, \      } \    } \    *fromP = from; \ +  if (from < fromLim) \ +    return XML_CONVERT_INPUT_INCOMPLETE; \ +  else \ +    return XML_CONVERT_COMPLETED; \  }  #define DEFINE_UTF16_TO_UTF16(E) \ -static void  PTRCALL \ -E ## toUtf16(const ENCODING *enc, \ +static enum XML_Convert_Result  PTRCALL \ +E ## toUtf16(const ENCODING *UNUSED_P(enc), \               const char **fromP, const char *fromLim, \               unsigned short **toP, const unsigned short *toLim) \  { \ +  enum XML_Convert_Result res = XML_CONVERT_COMPLETED; \ +  fromLim = *fromP + (((fromLim - *fromP) >> 1) << 1);  /* shrink to even */ \    /* Avoid copying first half only of surrogate */ \    if (fromLim - *fromP > ((toLim - *toP) << 1) \ -      && (GET_HI(fromLim - 2) & 0xF8) == 0xD8) \ +      && (GET_HI(fromLim - 2) & 0xF8) == 0xD8) { \      fromLim -= 2; \ -  for (; *fromP != fromLim && *toP != toLim; *fromP += 2) \ +    res = XML_CONVERT_INPUT_INCOMPLETE; \ +  } \ +  for (; *fromP < fromLim && *toP < toLim; *fromP += 2) \      *(*toP)++ = (GET_HI(*fromP) << 8) | GET_LO(*fromP); \ +  if ((*toP == toLim) && (*fromP < fromLim)) \ +    return XML_CONVERT_OUTPUT_EXHAUSTED; \ +  else \ +    return res; \  }  #define SET2(ptr, ch) \ @@ -726,7 +817,7 @@ static const struct normal_encoding little2_encoding_ns = {  #include "asciitab.h"  #include "latin1tab.h"    }, -  STANDARD_VTABLE(little2_) +  STANDARD_VTABLE(little2_) NULL_VTABLE  };  #endif @@ -745,7 +836,7 @@ static const struct normal_encoding little2_encoding = {  #undef BT_COLON  #include "latin1tab.h"    }, -  STANDARD_VTABLE(little2_) +  STANDARD_VTABLE(little2_) NULL_VTABLE  };  #if BYTEORDER != 4321 @@ -758,7 +849,7 @@ static const struct normal_encoding internal_little2_encoding_ns = {  #include "iasciitab.h"  #include "latin1tab.h"    }, -  STANDARD_VTABLE(little2_) +  STANDARD_VTABLE(little2_) NULL_VTABLE  };  #endif 
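Review bot: The `/* shrink to even */` step in E ## toUtf16 drops an odd trailing byte without reporting it. `res` stays XML_CONVERT_COMPLETED unless the surrogate test fires, so a caller that trusts the result code alone never learns that one input byte was left unconsumed. The same trimming is added to E ## toUtf8 in the hunk at -536,13 (its body starts outside this hunk), where the closing `if (from < fromLim)` test looks unreachable once the loop has run to the shortened limit. If that is intended, the comment should say so, e.g. `/* shrink to even; a dropped odd byte is not reported, callers compare *fromP with their own limit */`. Otherwise keep the original limit and return XML_CONVERT_INPUT_INCOMPLETE when it was shortened.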
@@ -771,7 +862,7 @@ static const struct normal_encoding internal_little2_encoding = {  #undef BT_COLON  #include "latin1tab.h"    }, -  STANDARD_VTABLE(little2_) +  STANDARD_VTABLE(little2_) NULL_VTABLE  };  #endif @@ -867,7 +958,7 @@ static const struct normal_encoding big2_encoding_ns = {  #include "asciitab.h"  #include "latin1tab.h"    }, -  STANDARD_VTABLE(big2_) +  STANDARD_VTABLE(big2_) NULL_VTABLE  };  #endif @@ -886,7 +977,7 @@ static const struct normal_encoding big2_encoding = {  #undef BT_COLON  #include "latin1tab.h"    }, -  STANDARD_VTABLE(big2_) +  STANDARD_VTABLE(big2_) NULL_VTABLE  };  #if BYTEORDER != 1234 @@ -899,7 +990,7 @@ static const struct normal_encoding internal_big2_encoding_ns = {  #include "iasciitab.h"  #include "latin1tab.h"    }, -  STANDARD_VTABLE(big2_) +  STANDARD_VTABLE(big2_) NULL_VTABLE  };  #endif @@ -912,7 +1003,7 @@ static const struct normal_encoding internal_big2_encoding = {  #undef BT_COLON  #include "latin1tab.h"    }, -  STANDARD_VTABLE(big2_) +  STANDARD_VTABLE(big2_) NULL_VTABLE  };  #endif @@ -938,7 +1029,7 @@ streqci(const char *s1, const char *s2)  }  static void PTRCALL -initUpdatePosition(const ENCODING *enc, const char *ptr, +initUpdatePosition(const ENCODING *UNUSED_P(enc), const char *ptr,                     const char *end, POSITION *pos)  {    normal_updatePosition(&utf8_encoding.enc, ptr, end, pos); @@ -1288,7 +1379,7 @@ unknown_isInvalid(const ENCODING *enc, const char *p)    return (c & ~0xFFFF) || checkCharRefNumber(c) < 0;  } -static void PTRCALL +static enum XML_Convert_Result PTRCALL  unknown_toUtf8(const ENCODING *enc,                 const char **fromP, const char *fromLim,                 char **toP, const char *toLim) 
@@ -1299,21 +1390,21 @@ unknown_toUtf8(const ENCODING *enc,      const char *utf8;      int n;      if (*fromP == fromLim) -      break; +      return XML_CONVERT_COMPLETED;      utf8 = uenc->utf8[(unsigned char)**fromP];      n = *utf8++;      if (n == 0) {        int c = uenc->convert(uenc->userData, *fromP);        n = XmlUtf8Encode(c, buf);        if (n > toLim - *toP) -        break; +        return XML_CONVERT_OUTPUT_EXHAUSTED;        utf8 = buf;        *fromP += (AS_NORMAL_ENCODING(enc)->type[(unsigned char)**fromP]                   - (BT_LEAD2 - 2));      }      else {        if (n > toLim - *toP) -        break; +        return XML_CONVERT_OUTPUT_EXHAUSTED;        (*fromP)++;      }      do { @@ -1322,13 +1413,13 @@ unknown_toUtf8(const ENCODING *enc,    }  } -static void PTRCALL +static enum XML_Convert_Result PTRCALL  unknown_toUtf16(const ENCODING *enc,                  const char **fromP, const char *fromLim,                  unsigned short **toP, const unsigned short *toLim)  {    const struct unknown_encoding *uenc = AS_UNKNOWN_ENCODING(enc); -  while (*fromP != fromLim && *toP != toLim) { +  while (*fromP < fromLim && *toP < toLim) {      unsigned short c = uenc->utf16[(unsigned char)**fromP];      if (c == 0) {        c = (unsigned short) @@ -1340,6 +1431,11 @@ unknown_toUtf16(const ENCODING *enc,        (*fromP)++;      *(*toP)++ = c;    } + +  if ((*toP == toLim) && (*fromP < fromLim)) +    return XML_CONVERT_OUTPUT_EXHAUSTED; +  else +    return XML_CONVERT_COMPLETED;  }  ENCODING * @@ -1503,7 +1599,7 @@ initScan(const ENCODING * const *encodingTable,  {    const ENCODING **encPtr; -  if (ptr == end) +  if (ptr >= end)      return XML_TOK_NONE;    encPtr = enc->encPtr;    if (ptr + 1 == end) { diff --git a/3rdParty/Expat/src/xmltok.h b/3rdParty/Expat/src/xmltok.h index ca867aa..752007e 100644 --- a/3rdParty/Expat/src/xmltok.h +++ b/3rdParty/Expat/src/xmltok.h 
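Review bot: unknown_toUtf8 still leaves its loop only on `*fromP == fromLim`, while this commit moves the sibling converters (unknown_toUtf16 in the next hunk, ascii_toUtf8, latin1_toUtf16) to `<` comparisons. The multi-byte branch advances `*fromP` by the sequence length taken from the type table, so a sequence cut off at the end of the input would step past `fromLim` and the equality would never match. Whether the tokenizer rules that input out is not visible here. `if (*fromP >= fromLim) return XML_CONVERT_COMPLETED;` would make the exit consistent with the rest of the change. The function body starts before this hunk.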
@@ -130,6 +130,12 @@ typedef int (PTRCALL *SCANNER)(const ENCODING *,                                 const char *,                                 const char **); +enum XML_Convert_Result { +  XML_CONVERT_COMPLETED = 0, +  XML_CONVERT_INPUT_INCOMPLETE = 1, +  XML_CONVERT_OUTPUT_EXHAUSTED = 2  /* and therefore potentially input remaining as well */ +}; +  struct encoding {    SCANNER scanners[XML_N_STATES];    SCANNER literalScanners[XML_N_LITERAL_TYPES]; @@ -158,12 +164,12 @@ struct encoding {                              const char *ptr,                              const char *end,                              const char **badPtr); -  void (PTRCALL *utf8Convert)(const ENCODING *enc, +  enum XML_Convert_Result (PTRCALL *utf8Convert)(const ENCODING *enc,                                const char **fromP,                                const char *fromLim,                                char **toP,                                const char *toLim); -  void (PTRCALL *utf16Convert)(const ENCODING *enc, +  enum XML_Convert_Result (PTRCALL *utf16Convert)(const ENCODING *enc,                                 const char **fromP,                                 const char *fromLim,                                 unsigned short **toP, diff --git a/3rdParty/Expat/src/xmltok_impl.c b/3rdParty/Expat/src/xmltok_impl.c index 9c2895b..5f779c0 100644 --- a/3rdParty/Expat/src/xmltok_impl.c +++ b/3rdParty/Expat/src/xmltok_impl.c 
@@ -87,27 +87,45 @@  #define PREFIX(ident) ident  #endif + +#define HAS_CHARS(enc, ptr, end, count) \ +    (end - ptr >= count * MINBPC(enc)) + +#define HAS_CHAR(enc, ptr, end) \ +    HAS_CHARS(enc, ptr, end, 1) + +#define REQUIRE_CHARS(enc, ptr, end, count) \ +    { \ +      if (! HAS_CHARS(enc, ptr, end, count)) { \ +        return XML_TOK_PARTIAL; \ +      } \ +    } + +#define REQUIRE_CHAR(enc, ptr, end) \ +    REQUIRE_CHARS(enc, ptr, end, 1) + +  /* ptr points to character following "<!-" */  static int PTRCALL  PREFIX(scanComment)(const ENCODING *enc, const char *ptr,                      const char *end, const char **nextTokPtr)  { -  if (ptr != end) { +  if (HAS_CHAR(enc, ptr, end)) {      if (!CHAR_MATCHES(enc, ptr, ASCII_MINUS)) {        *nextTokPtr = ptr;        return XML_TOK_INVALID;      }      ptr += MINBPC(enc); -    while (ptr != end) { +    while (HAS_CHAR(enc, ptr, end)) {        switch (BYTE_TYPE(enc, ptr)) {        INVALID_CASES(ptr, nextTokPtr)        case BT_MINUS: -        if ((ptr += MINBPC(enc)) == end) -          return XML_TOK_PARTIAL; +        ptr += MINBPC(enc); +        REQUIRE_CHAR(enc, ptr, end);          if (CHAR_MATCHES(enc, ptr, ASCII_MINUS)) { -          if ((ptr += MINBPC(enc)) == end) -            return XML_TOK_PARTIAL; +          ptr += MINBPC(enc); +          REQUIRE_CHAR(enc, ptr, end);            if (!CHAR_MATCHES(enc, ptr, ASCII_GT)) {              *nextTokPtr = ptr;              return XML_TOK_INVALID; @@ -131,8 +149,7 @@ static int PTRCALL  PREFIX(scanDecl)(const ENCODING *enc, const char *ptr,                   const char *end, const char **nextTokPtr)  { -  if (ptr == end) -    return XML_TOK_PARTIAL; +  REQUIRE_CHAR(enc, ptr, end);    switch (BYTE_TYPE(enc, ptr)) {    case BT_MINUS:      return PREFIX(scanComment)(enc, ptr + MINBPC(enc), end, nextTokPtr); 
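Review bot: The new HAS_CHARS and REQUIRE_CHARS macros use their arguments unparenthesised, and REQUIRE_CHARS expands to a bare `{ ... }` block. Every call visible in this diff passes a plain identifier or literal and stands alone as a statement, so nothing breaks today. An expression argument or a call placed before an `else` would misparse, though. Suggested forms are `((end) - (ptr) >= (count) * MINBPC(enc))` for the test and `do { if (! HAS_CHARS(enc, ptr, end, count)) return XML_TOK_PARTIAL; } while (0)` for the statement. A one-line comment on HAS_CHARS should also record that the subtraction is what makes `ptr` beyond `end` read as "no characters left", which the old `ptr != end` tests did not.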
@@ -147,11 +164,10 @@ PREFIX(scanDecl)(const ENCODING *enc, const char *ptr,      *nextTokPtr = ptr;      return XML_TOK_INVALID;    } -  while (ptr != end) { +  while (HAS_CHAR(enc, ptr, end)) {      switch (BYTE_TYPE(enc, ptr)) {      case BT_PERCNT: -      if (ptr + MINBPC(enc) == end) -        return XML_TOK_PARTIAL; +      REQUIRE_CHARS(enc, ptr, end, 2);        /* don't allow <!ENTITY% foo "whatever"> */        switch (BYTE_TYPE(enc, ptr + MINBPC(enc))) {        case BT_S: case BT_CR: case BT_LF: case BT_PERCNT: @@ -175,7 +191,7 @@ PREFIX(scanDecl)(const ENCODING *enc, const char *ptr,  }  static int PTRCALL -PREFIX(checkPiTarget)(const ENCODING *enc, const char *ptr, +PREFIX(checkPiTarget)(const ENCODING *UNUSED_P(enc), const char *ptr,                        const char *end, int *tokPtr)  {    int upper = 0; @@ -225,15 +241,14 @@ PREFIX(scanPi)(const ENCODING *enc, const char *ptr,  {    int tok;    const char *target = ptr; -  if (ptr == end) -    return XML_TOK_PARTIAL; +  REQUIRE_CHAR(enc, ptr, end);    switch (BYTE_TYPE(enc, ptr)) {    CHECK_NMSTRT_CASES(enc, ptr, end, nextTokPtr)    default:      *nextTokPtr = ptr;      return XML_TOK_INVALID;    } -  while (ptr != end) { +  while (HAS_CHAR(enc, ptr, end)) {      switch (BYTE_TYPE(enc, ptr)) {      CHECK_NAME_CASES(enc, ptr, end, nextTokPtr)      case BT_S: case BT_CR: case BT_LF: @@ -242,13 +257,12 @@ PREFIX(scanPi)(const ENCODING *enc, const char *ptr,          return XML_TOK_INVALID;        }        ptr += MINBPC(enc); -      while (ptr != end) { +      while (HAS_CHAR(enc, ptr, end)) {          switch (BYTE_TYPE(enc, ptr)) {          INVALID_CASES(ptr, nextTokPtr)          case BT_QUEST:            ptr += MINBPC(enc); -          if (ptr == end) -            return XML_TOK_PARTIAL; +          REQUIRE_CHAR(enc, ptr, end);            if (CHAR_MATCHES(enc, ptr, ASCII_GT)) {              *nextTokPtr = ptr + MINBPC(enc);              return tok; 
@@ -266,8 +280,7 @@ PREFIX(scanPi)(const ENCODING *enc, const char *ptr,          return XML_TOK_INVALID;        }        ptr += MINBPC(enc); -      if (ptr == end) -        return XML_TOK_PARTIAL; +      REQUIRE_CHAR(enc, ptr, end);        if (CHAR_MATCHES(enc, ptr, ASCII_GT)) {          *nextTokPtr = ptr + MINBPC(enc);          return tok; @@ -282,15 +295,14 @@ PREFIX(scanPi)(const ENCODING *enc, const char *ptr,  }  static int PTRCALL -PREFIX(scanCdataSection)(const ENCODING *enc, const char *ptr, +PREFIX(scanCdataSection)(const ENCODING *UNUSED_P(enc), const char *ptr,                           const char *end, const char **nextTokPtr)  {    static const char CDATA_LSQB[] = { ASCII_C, ASCII_D, ASCII_A,                                       ASCII_T, ASCII_A, ASCII_LSQB };    int i;    /* CDATA[ */ -  if (end - ptr < 6 * MINBPC(enc)) -    return XML_TOK_PARTIAL; +  REQUIRE_CHARS(enc, ptr, end, 6);    for (i = 0; i < 6; i++, ptr += MINBPC(enc)) {      if (!CHAR_MATCHES(enc, ptr, CDATA_LSQB[i])) {        *nextTokPtr = ptr; @@ -305,7 +317,7 @@ static int PTRCALL  PREFIX(cdataSectionTok)(const ENCODING *enc, const char *ptr,                          const char *end, const char **nextTokPtr)  { -  if (ptr == end) +  if (ptr >= end)      return XML_TOK_NONE;    if (MINBPC(enc) > 1) {      size_t n = end - ptr; @@ -319,13 +331,11 @@ PREFIX(cdataSectionTok)(const ENCODING *enc, const char *ptr,    switch (BYTE_TYPE(enc, ptr)) {    case BT_RSQB:      ptr += MINBPC(enc); -    if (ptr == end) -      return XML_TOK_PARTIAL; +    REQUIRE_CHAR(enc, ptr, end);      if (!CHAR_MATCHES(enc, ptr, ASCII_RSQB))        break;      ptr += MINBPC(enc); -    if (ptr == end) -      return XML_TOK_PARTIAL; +    REQUIRE_CHAR(enc, ptr, end);      if (!CHAR_MATCHES(enc, ptr, ASCII_GT)) {        ptr -= MINBPC(enc);        break; 
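Review bot: scanCdataSection now declares its first parameter as `UNUSED_P(enc)`, but the body still passes `enc` to `REQUIRE_CHARS`, `MINBPC` and `CHAR_MATCHES`. That compiles only in builds where those macros discard the argument. If UNUSED_P renames the parameter (its definition is not in this hunk), a configuration in which `MINBPC(enc)` dereferences `enc` would fail to build. Keeping the plain `const ENCODING *enc` in this signature avoids depending on that. The function body continues outside the hunk.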
@@ -334,8 +344,7 @@ PREFIX(cdataSectionTok)(const ENCODING *enc, const char *ptr,      return XML_TOK_CDATA_SECT_CLOSE;    case BT_CR:      ptr += MINBPC(enc); -    if (ptr == end) -      return XML_TOK_PARTIAL; +    REQUIRE_CHAR(enc, ptr, end);      if (BYTE_TYPE(enc, ptr) == BT_LF)        ptr += MINBPC(enc);      *nextTokPtr = ptr; @@ -348,7 +357,7 @@ PREFIX(cdataSectionTok)(const ENCODING *enc, const char *ptr,      ptr += MINBPC(enc);      break;    } -  while (ptr != end) { +  while (HAS_CHAR(enc, ptr, end)) {      switch (BYTE_TYPE(enc, ptr)) {  #define LEAD_CASE(n) \      case BT_LEAD ## n: \ @@ -383,19 +392,18 @@ static int PTRCALL  PREFIX(scanEndTag)(const ENCODING *enc, const char *ptr,                     const char *end, const char **nextTokPtr)  { -  if (ptr == end) -    return XML_TOK_PARTIAL; +  REQUIRE_CHAR(enc, ptr, end);    switch (BYTE_TYPE(enc, ptr)) {    CHECK_NMSTRT_CASES(enc, ptr, end, nextTokPtr)    default:      *nextTokPtr = ptr;      return XML_TOK_INVALID;    } -  while (ptr != end) { +  while (HAS_CHAR(enc, ptr, end)) {      switch (BYTE_TYPE(enc, ptr)) {      CHECK_NAME_CASES(enc, ptr, end, nextTokPtr)      case BT_S: case BT_CR: case BT_LF: -      for (ptr += MINBPC(enc); ptr != end; ptr += MINBPC(enc)) { +      for (ptr += MINBPC(enc); HAS_CHAR(enc, ptr, end); ptr += MINBPC(enc)) {          switch (BYTE_TYPE(enc, ptr)) {          case BT_S: case BT_CR: case BT_LF:            break; @@ -432,7 +440,7 @@ static int PTRCALL  PREFIX(scanHexCharRef)(const ENCODING *enc, const char *ptr,                         const char *end, const char **nextTokPtr)  { -  if (ptr != end) { +  if (HAS_CHAR(enc, ptr, end)) {      switch (BYTE_TYPE(enc, ptr)) {      case BT_DIGIT:      case BT_HEX: 
@@ -441,7 +449,7 @@ PREFIX(scanHexCharRef)(const ENCODING *enc, const char *ptr,        *nextTokPtr = ptr;        return XML_TOK_INVALID;      } -    for (ptr += MINBPC(enc); ptr != end; ptr += MINBPC(enc)) { +    for (ptr += MINBPC(enc); HAS_CHAR(enc, ptr, end); ptr += MINBPC(enc)) {        switch (BYTE_TYPE(enc, ptr)) {        case BT_DIGIT:        case BT_HEX: @@ -464,7 +472,7 @@ static int PTRCALL  PREFIX(scanCharRef)(const ENCODING *enc, const char *ptr,                      const char *end, const char **nextTokPtr)  { -  if (ptr != end) { +  if (HAS_CHAR(enc, ptr, end)) {      if (CHAR_MATCHES(enc, ptr, ASCII_x))        return PREFIX(scanHexCharRef)(enc, ptr + MINBPC(enc), end, nextTokPtr);      switch (BYTE_TYPE(enc, ptr)) { @@ -474,7 +482,7 @@ PREFIX(scanCharRef)(const ENCODING *enc, const char *ptr,        *nextTokPtr = ptr;        return XML_TOK_INVALID;      } -    for (ptr += MINBPC(enc); ptr != end; ptr += MINBPC(enc)) { +    for (ptr += MINBPC(enc); HAS_CHAR(enc, ptr, end); ptr += MINBPC(enc)) {        switch (BYTE_TYPE(enc, ptr)) {        case BT_DIGIT:          break; @@ -496,8 +504,7 @@ static int PTRCALL  PREFIX(scanRef)(const ENCODING *enc, const char *ptr, const char *end,                  const char **nextTokPtr)  { -  if (ptr == end) -    return XML_TOK_PARTIAL; +  REQUIRE_CHAR(enc, ptr, end);    switch (BYTE_TYPE(enc, ptr)) {    CHECK_NMSTRT_CASES(enc, ptr, end, nextTokPtr)    case BT_NUM: @@ -506,7 +513,7 @@ PREFIX(scanRef)(const ENCODING *enc, const char *ptr, const char *end,      *nextTokPtr = ptr;      return XML_TOK_INVALID;    } -  while (ptr != end) { +  while (HAS_CHAR(enc, ptr, end)) {      switch (BYTE_TYPE(enc, ptr)) {      CHECK_NAME_CASES(enc, ptr, end, nextTokPtr)      case BT_SEMI: 
@@ -529,7 +536,7 @@ PREFIX(scanAtts)(const ENCODING *enc, const char *ptr, const char *end,  #ifdef XML_NS    int hadColon = 0;  #endif -  while (ptr != end) { +  while (HAS_CHAR(enc, ptr, end)) {      switch (BYTE_TYPE(enc, ptr)) {      CHECK_NAME_CASES(enc, ptr, end, nextTokPtr)  #ifdef XML_NS @@ -540,8 +547,7 @@ PREFIX(scanAtts)(const ENCODING *enc, const char *ptr, const char *end,        }        hadColon = 1;        ptr += MINBPC(enc); -      if (ptr == end) -        return XML_TOK_PARTIAL; +      REQUIRE_CHAR(enc, ptr, end);        switch (BYTE_TYPE(enc, ptr)) {        CHECK_NMSTRT_CASES(enc, ptr, end, nextTokPtr)        default: @@ -555,8 +561,7 @@ PREFIX(scanAtts)(const ENCODING *enc, const char *ptr, const char *end,          int t;          ptr += MINBPC(enc); -        if (ptr == end) -          return XML_TOK_PARTIAL; +        REQUIRE_CHAR(enc, ptr, end);          t = BYTE_TYPE(enc, ptr);          if (t == BT_EQUALS)            break; @@ -579,8 +584,7 @@ PREFIX(scanAtts)(const ENCODING *enc, const char *ptr, const char *end,  #endif          for (;;) {            ptr += MINBPC(enc); -          if (ptr == end) -            return XML_TOK_PARTIAL; +          REQUIRE_CHAR(enc, ptr, end);            open = BYTE_TYPE(enc, ptr);            if (open == BT_QUOT || open == BT_APOS)              break; @@ -598,8 +602,7 @@ PREFIX(scanAtts)(const ENCODING *enc, const char *ptr, const char *end,          /* in attribute value */          for (;;) {            int t; -          if (ptr == end) -            return XML_TOK_PARTIAL; +          REQUIRE_CHAR(enc, ptr, end);            t = BYTE_TYPE(enc, ptr);            if (t == open)              break; @@ -624,8 +627,7 @@ PREFIX(scanAtts)(const ENCODING *enc, const char *ptr, const char *end,            }          }          ptr += MINBPC(enc); -        if (ptr == end) -          return XML_TOK_PARTIAL; +        REQUIRE_CHAR(enc, ptr, end);          switch (BYTE_TYPE(enc, ptr)) {          case BT_S:          case BT_CR: 
@@ -642,8 +644,7 @@ PREFIX(scanAtts)(const ENCODING *enc, const char *ptr, const char *end,          /* ptr points to closing quote */          for (;;) {            ptr += MINBPC(enc); -          if (ptr == end) -            return XML_TOK_PARTIAL; +          REQUIRE_CHAR(enc, ptr, end);            switch (BYTE_TYPE(enc, ptr)) {            CHECK_NMSTRT_CASES(enc, ptr, end, nextTokPtr)            case BT_S: case BT_CR: case BT_LF: @@ -655,8 +656,7 @@ PREFIX(scanAtts)(const ENCODING *enc, const char *ptr, const char *end,            case BT_SOL:            sol:              ptr += MINBPC(enc); -            if (ptr == end) -              return XML_TOK_PARTIAL; +            REQUIRE_CHAR(enc, ptr, end);              if (!CHAR_MATCHES(enc, ptr, ASCII_GT)) {                *nextTokPtr = ptr;                return XML_TOK_INVALID; @@ -688,13 +688,12 @@ PREFIX(scanLt)(const ENCODING *enc, const char *ptr, const char *end,  #ifdef XML_NS    int hadColon;  #endif -  if (ptr == end) -    return XML_TOK_PARTIAL; +  REQUIRE_CHAR(enc, ptr, end);    switch (BYTE_TYPE(enc, ptr)) {    CHECK_NMSTRT_CASES(enc, ptr, end, nextTokPtr)    case BT_EXCL: -    if ((ptr += MINBPC(enc)) == end) -      return XML_TOK_PARTIAL; +    ptr += MINBPC(enc); +    REQUIRE_CHAR(enc, ptr, end);      switch (BYTE_TYPE(enc, ptr)) {      case BT_MINUS:        return PREFIX(scanComment)(enc, ptr + MINBPC(enc), end, nextTokPtr); @@ -716,7 +715,7 @@ PREFIX(scanLt)(const ENCODING *enc, const char *ptr, const char *end,    hadColon = 0;  #endif    /* we have a start-tag */ -  while (ptr != end) { +  while (HAS_CHAR(enc, ptr, end)) {      switch (BYTE_TYPE(enc, ptr)) {      CHECK_NAME_CASES(enc, ptr, end, nextTokPtr)  #ifdef XML_NS 
@@ -727,8 +726,7 @@ PREFIX(scanLt)(const ENCODING *enc, const char *ptr, const char *end,        }        hadColon = 1;        ptr += MINBPC(enc); -      if (ptr == end) -        return XML_TOK_PARTIAL; +      REQUIRE_CHAR(enc, ptr, end);        switch (BYTE_TYPE(enc, ptr)) {        CHECK_NMSTRT_CASES(enc, ptr, end, nextTokPtr)        default: @@ -740,7 +738,7 @@ PREFIX(scanLt)(const ENCODING *enc, const char *ptr, const char *end,      case BT_S: case BT_CR: case BT_LF:        {          ptr += MINBPC(enc); -        while (ptr != end) { +        while (HAS_CHAR(enc, ptr, end)) {            switch (BYTE_TYPE(enc, ptr)) {            CHECK_NMSTRT_CASES(enc, ptr, end, nextTokPtr)            case BT_GT: @@ -765,8 +763,7 @@ PREFIX(scanLt)(const ENCODING *enc, const char *ptr, const char *end,      case BT_SOL:      sol:        ptr += MINBPC(enc); -      if (ptr == end) -        return XML_TOK_PARTIAL; +      REQUIRE_CHAR(enc, ptr, end);        if (!CHAR_MATCHES(enc, ptr, ASCII_GT)) {          *nextTokPtr = ptr;          return XML_TOK_INVALID; @@ -785,7 +782,7 @@ static int PTRCALL  PREFIX(contentTok)(const ENCODING *enc, const char *ptr, const char *end,                     const char **nextTokPtr)  { -  if (ptr == end) +  if (ptr >= end)      return XML_TOK_NONE;    if (MINBPC(enc) > 1) {      size_t n = end - ptr; @@ -803,7 +800,7 @@ PREFIX(contentTok)(const ENCODING *enc, const char *ptr, const char *end,      return PREFIX(scanRef)(enc, ptr + MINBPC(enc), end, nextTokPtr);    case BT_CR:      ptr += MINBPC(enc); -    if (ptr == end) +    if (! HAS_CHAR(enc, ptr, end))        return XML_TOK_TRAILING_CR;      if (BYTE_TYPE(enc, ptr) == BT_LF)        ptr += MINBPC(enc); 
@@ -814,12 +811,12 @@ PREFIX(contentTok)(const ENCODING *enc, const char *ptr, const char *end,      return XML_TOK_DATA_NEWLINE;    case BT_RSQB:      ptr += MINBPC(enc); -    if (ptr == end) +    if (! HAS_CHAR(enc, ptr, end))        return XML_TOK_TRAILING_RSQB;      if (!CHAR_MATCHES(enc, ptr, ASCII_RSQB))        break;      ptr += MINBPC(enc); -    if (ptr == end) +    if (! HAS_CHAR(enc, ptr, end))        return XML_TOK_TRAILING_RSQB;      if (!CHAR_MATCHES(enc, ptr, ASCII_GT)) {        ptr -= MINBPC(enc); @@ -832,7 +829,7 @@ PREFIX(contentTok)(const ENCODING *enc, const char *ptr, const char *end,      ptr += MINBPC(enc);      break;    } -  while (ptr != end) { +  while (HAS_CHAR(enc, ptr, end)) {      switch (BYTE_TYPE(enc, ptr)) {  #define LEAD_CASE(n) \      case BT_LEAD ## n: \ @@ -845,12 +842,12 @@ PREFIX(contentTok)(const ENCODING *enc, const char *ptr, const char *end,      LEAD_CASE(2) LEAD_CASE(3) LEAD_CASE(4)  #undef LEAD_CASE      case BT_RSQB: -      if (ptr + MINBPC(enc) != end) { +      if (HAS_CHARS(enc, ptr, end, 2)) {           if (!CHAR_MATCHES(enc, ptr + MINBPC(enc), ASCII_RSQB)) {             ptr += MINBPC(enc);             break;           } -         if (ptr + 2*MINBPC(enc) != end) { +         if (HAS_CHARS(enc, ptr, end, 3)) {             if (!CHAR_MATCHES(enc, ptr + 2*MINBPC(enc), ASCII_GT)) {               ptr += MINBPC(enc);               break; @@ -884,8 +881,7 @@ static int PTRCALL  PREFIX(scanPercent)(const ENCODING *enc, const char *ptr, const char *end,                      const char **nextTokPtr)  { -  if (ptr == end) -    return XML_TOK_PARTIAL; +  REQUIRE_CHAR(enc, ptr, end);    switch (BYTE_TYPE(enc, ptr)) {    CHECK_NMSTRT_CASES(enc, ptr, end, nextTokPtr)    case BT_S: case BT_LF: case BT_CR: case BT_PERCNT: 
@@ -895,7 +891,7 @@ PREFIX(scanPercent)(const ENCODING *enc, const char *ptr, const char *end,      *nextTokPtr = ptr;      return XML_TOK_INVALID;    } -  while (ptr != end) { +  while (HAS_CHAR(enc, ptr, end)) {      switch (BYTE_TYPE(enc, ptr)) {      CHECK_NAME_CASES(enc, ptr, end, nextTokPtr)      case BT_SEMI: @@ -913,15 +909,14 @@ static int PTRCALL  PREFIX(scanPoundName)(const ENCODING *enc, const char *ptr, const char *end,                        const char **nextTokPtr)  { -  if (ptr == end) -    return XML_TOK_PARTIAL; +  REQUIRE_CHAR(enc, ptr, end);    switch (BYTE_TYPE(enc, ptr)) {    CHECK_NMSTRT_CASES(enc, ptr, end, nextTokPtr)    default:      *nextTokPtr = ptr;      return XML_TOK_INVALID;    } -  while (ptr != end) { +  while (HAS_CHAR(enc, ptr, end)) {      switch (BYTE_TYPE(enc, ptr)) {      CHECK_NAME_CASES(enc, ptr, end, nextTokPtr)      case BT_CR: case BT_LF: case BT_S: @@ -941,7 +936,7 @@ PREFIX(scanLit)(int open, const ENCODING *enc,                  const char *ptr, const char *end,                  const char **nextTokPtr)  { -  while (ptr != end) { +  while (HAS_CHAR(enc, ptr, end)) {      int t = BYTE_TYPE(enc, ptr);      switch (t) {      INVALID_CASES(ptr, nextTokPtr) @@ -950,7 +945,7 @@ PREFIX(scanLit)(int open, const ENCODING *enc,        ptr += MINBPC(enc);        if (t != open)          break; -      if (ptr == end) +      if (! HAS_CHAR(enc, ptr, end))          return -XML_TOK_LITERAL;        *nextTokPtr = ptr;        switch (BYTE_TYPE(enc, ptr)) { @@ -973,7 +968,7 @@ PREFIX(prologTok)(const ENCODING *enc, const char *ptr, const char *end,                    const char **nextTokPtr)  {    int tok; -  if (ptr == end) +  if (ptr >= end)      return XML_TOK_NONE;    if (MINBPC(enc) > 1) {      size_t n = end - ptr; 
@@ -992,8 +987,7 @@ PREFIX(prologTok)(const ENCODING *enc, const char *ptr, const char *end,    case BT_LT:      {        ptr += MINBPC(enc); -      if (ptr == end) -        return XML_TOK_PARTIAL; +      REQUIRE_CHAR(enc, ptr, end);        switch (BYTE_TYPE(enc, ptr)) {        case BT_EXCL:          return PREFIX(scanDecl)(enc, ptr + MINBPC(enc), end, nextTokPtr); @@ -1021,7 +1015,7 @@ PREFIX(prologTok)(const ENCODING *enc, const char *ptr, const char *end,    case BT_S: case BT_LF:      for (;;) {        ptr += MINBPC(enc); -      if (ptr == end) +      if (! HAS_CHAR(enc, ptr, end))          break;        switch (BYTE_TYPE(enc, ptr)) {        case BT_S: case BT_LF: @@ -1048,11 +1042,10 @@ PREFIX(prologTok)(const ENCODING *enc, const char *ptr, const char *end,      return XML_TOK_OPEN_BRACKET;    case BT_RSQB:      ptr += MINBPC(enc); -    if (ptr == end) +    if (! HAS_CHAR(enc, ptr, end))        return -XML_TOK_CLOSE_BRACKET;      if (CHAR_MATCHES(enc, ptr, ASCII_RSQB)) { -      if (ptr + MINBPC(enc) == end) -        return XML_TOK_PARTIAL; +      REQUIRE_CHARS(enc, ptr, end, 2);        if (CHAR_MATCHES(enc, ptr + MINBPC(enc), ASCII_GT)) {          *nextTokPtr = ptr + 2*MINBPC(enc);          return XML_TOK_COND_SECT_CLOSE; @@ -1065,7 +1058,7 @@ PREFIX(prologTok)(const ENCODING *enc, const char *ptr, const char *end,      return XML_TOK_OPEN_PAREN;    case BT_RPAR:      ptr += MINBPC(enc); -    if (ptr == end) +    if (! HAS_CHAR(enc, ptr, end))        return -XML_TOK_CLOSE_PAREN;      switch (BYTE_TYPE(enc, ptr)) {      case BT_AST: @@ -1141,7 +1134,7 @@ PREFIX(prologTok)(const ENCODING *enc, const char *ptr, const char *end,      *nextTokPtr = ptr;      return XML_TOK_INVALID;    } -  while (ptr != end) { +  while (HAS_CHAR(enc, ptr, end)) {      switch (BYTE_TYPE(enc, ptr)) {      CHECK_NAME_CASES(enc, ptr, end, nextTokPtr)      case BT_GT: case BT_RPAR: case BT_COMMA: 
@@ -1154,8 +1147,7 @@ PREFIX(prologTok)(const ENCODING *enc, const char *ptr, const char *end,        ptr += MINBPC(enc);        switch (tok) {        case XML_TOK_NAME: -        if (ptr == end) -          return XML_TOK_PARTIAL; +        REQUIRE_CHAR(enc, ptr, end);          tok = XML_TOK_PREFIXED_NAME;          switch (BYTE_TYPE(enc, ptr)) {          CHECK_NAME_CASES(enc, ptr, end, nextTokPtr) @@ -1204,10 +1196,12 @@ PREFIX(attributeValueTok)(const ENCODING *enc, const char *ptr,                            const char *end, const char **nextTokPtr)  {    const char *start; -  if (ptr == end) +  if (ptr >= end)      return XML_TOK_NONE; +  else if (! HAS_CHAR(enc, ptr, end)) +    return XML_TOK_PARTIAL;    start = ptr; -  while (ptr != end) { +  while (HAS_CHAR(enc, ptr, end)) {      switch (BYTE_TYPE(enc, ptr)) {  #define LEAD_CASE(n) \      case BT_LEAD ## n: ptr += n; break; @@ -1232,7 +1226,7 @@ PREFIX(attributeValueTok)(const ENCODING *enc, const char *ptr,      case BT_CR:        if (ptr == start) {          ptr += MINBPC(enc); -        if (ptr == end) +        if (! HAS_CHAR(enc, ptr, end))            return XML_TOK_TRAILING_CR;          if (BYTE_TYPE(enc, ptr) == BT_LF)            ptr += MINBPC(enc); @@ -1262,10 +1256,12 @@ PREFIX(entityValueTok)(const ENCODING *enc, const char *ptr,                         const char *end, const char **nextTokPtr)  {    const char *start; -  if (ptr == end) +  if (ptr >= end)      return XML_TOK_NONE; +  else if (! HAS_CHAR(enc, ptr, end)) +    return XML_TOK_PARTIAL;    start = ptr; -  while (ptr != end) { +  while (HAS_CHAR(enc, ptr, end)) {      switch (BYTE_TYPE(enc, ptr)) {  #define LEAD_CASE(n) \      case BT_LEAD ## n: ptr += n; break; 
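Review bot: The `LEAD_CASE` macro kept as context in the attributeValueTok hunk still does `ptr += n` with no check that `n` bytes remain, while the new loop guard `HAS_CHAR(enc, ptr, end)` only shows that one minimum-size character is available. On input that ends inside a multi-byte sequence, `ptr` can step past `end`, and the value later stored through `nextTokPtr` (outside this hunk) would presumably point beyond the buffer. If an earlier pass guarantees complete sequences at this point, say so in a comment on the macro; otherwise add `if (end - ptr < n) return XML_TOK_PARTIAL;` before the increment. entityValueTok, two hunks later, carries the same macro.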
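Review bot: entityValueTok gains an early `XML_TOK_PARTIAL` return through `else if (! HAS_CHAR(enc, ptr, end)) return XML_TOK_PARTIAL;`, and attributeValueTok gets the same branch two hunks earlier. The callers are not part of this file section, so confirm that they treat `XML_TOK_PARTIAL` from these two tokenizers as an error or a request for more input rather than letting it fall into a default case. A comment on the branch would record when it fires, for example `/* fewer bytes than one character left: truncated multi-byte input */`. Both function bodies continue outside their hunks.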
@@ -1294,7 +1290,7 @@ PREFIX(entityValueTok)(const ENCODING *enc, const char *ptr,      case BT_CR:        if (ptr == start) {          ptr += MINBPC(enc); -        if (ptr == end) +        if (! HAS_CHAR(enc, ptr, end))            return XML_TOK_TRAILING_CR;          if (BYTE_TYPE(enc, ptr) == BT_LF)            ptr += MINBPC(enc); @@ -1326,15 +1322,15 @@ PREFIX(ignoreSectionTok)(const ENCODING *enc, const char *ptr,        end = ptr + n;      }    } -  while (ptr != end) { +  while (HAS_CHAR(enc, ptr, end)) {      switch (BYTE_TYPE(enc, ptr)) {      INVALID_CASES(ptr, nextTokPtr)      case BT_LT: -      if ((ptr += MINBPC(enc)) == end) -        return XML_TOK_PARTIAL; +      ptr += MINBPC(enc); +      REQUIRE_CHAR(enc, ptr, end);        if (CHAR_MATCHES(enc, ptr, ASCII_EXCL)) { -        if ((ptr += MINBPC(enc)) == end) -          return XML_TOK_PARTIAL; +        ptr += MINBPC(enc); +        REQUIRE_CHAR(enc, ptr, end);          if (CHAR_MATCHES(enc, ptr, ASCII_LSQB)) {            ++level;            ptr += MINBPC(enc); @@ -1342,11 +1338,11 @@ PREFIX(ignoreSectionTok)(const ENCODING *enc, const char *ptr,        }        break;      case BT_RSQB: -      if ((ptr += MINBPC(enc)) == end) -        return XML_TOK_PARTIAL; +      ptr += MINBPC(enc); +      REQUIRE_CHAR(enc, ptr, end);        if (CHAR_MATCHES(enc, ptr, ASCII_RSQB)) { -        if ((ptr += MINBPC(enc)) == end) -          return XML_TOK_PARTIAL; +        ptr += MINBPC(enc); +        REQUIRE_CHAR(enc, ptr, end);          if (CHAR_MATCHES(enc, ptr, ASCII_GT)) {            ptr += MINBPC(enc);            if (level == 0) { @@ -1373,7 +1369,7 @@ PREFIX(isPublicId)(const ENCODING *enc, const char *ptr, const char *end,  {    ptr += MINBPC(enc);    end -= MINBPC(enc); -  for (; ptr != end; ptr += MINBPC(enc)) { +  for (; HAS_CHAR(enc, ptr, end); ptr += MINBPC(enc)) {      switch (BYTE_TYPE(enc, ptr)) {      case BT_DIGIT:      case BT_HEX: 
@@ -1521,7 +1517,7 @@ PREFIX(getAtts)(const ENCODING *enc, const char *ptr,  }  static int PTRFASTCALL -PREFIX(charRefNumber)(const ENCODING *enc, const char *ptr) +PREFIX(charRefNumber)(const ENCODING *UNUSED_P(enc), const char *ptr)  {    int result = 0;    /* skip &# */ @@ -1565,7 +1561,7 @@ PREFIX(charRefNumber)(const ENCODING *enc, const char *ptr)  }  static int PTRCALL -PREFIX(predefinedEntityName)(const ENCODING *enc, const char *ptr, +PREFIX(predefinedEntityName)(const ENCODING *UNUSED_P(enc), const char *ptr,                               const char *end)  {    switch ((end - ptr)/MINBPC(enc)) { @@ -1683,11 +1679,11 @@ PREFIX(sameName)(const ENCODING *enc, const char *ptr1, const char *ptr2)  }  static int PTRCALL -PREFIX(nameMatchesAscii)(const ENCODING *enc, const char *ptr1, +PREFIX(nameMatchesAscii)(const ENCODING *UNUSED_P(enc), const char *ptr1,                           const char *end1, const char *ptr2)  {    for (; *ptr2; ptr1 += MINBPC(enc), ptr2++) { -    if (ptr1 == end1) +    if (end1 - ptr1 < MINBPC(enc))        return 0;      if (!CHAR_MATCHES(enc, ptr1, *ptr2))        return 0; @@ -1744,7 +1740,7 @@ PREFIX(updatePosition)(const ENCODING *enc,                         const char *end,                         POSITION *pos)  { -  while (ptr < end) { +  while (HAS_CHAR(enc, ptr, end)) {      switch (BYTE_TYPE(enc, ptr)) {  #define LEAD_CASE(n) \      case BT_LEAD ## n: \ @@ -1760,7 +1756,7 @@ PREFIX(updatePosition)(const ENCODING *enc,      case BT_CR:        pos->lineNumber++;        ptr += MINBPC(enc); -      if (ptr != end && BYTE_TYPE(enc, ptr) == BT_LF) +      if (HAS_CHAR(enc, ptr, end) && BYTE_TYPE(enc, ptr) == BT_LF)          ptr += MINBPC(enc);        pos->columnNumber = (XML_Size)-1;        break; | 
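Review bot: The nameMatchesAscii hunk spells its bounds check as `if (end1 - ptr1 < MINBPC(enc))`, while the other checks in this file section were moved to `HAS_CHAR` and `REQUIRE_CHAR`. Writing it as `if (! HAS_CHAR(enc, ptr1, end1))` would leave a single form of the check to audit, assuming `HAS_CHAR` performs the same comparison (its definition is outside this hunk).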