diff options
| author |  Nikias Bassen | 2025-10-29 16:43:35 +0100 |
|---|---|---|
| committer | Nikias Bassen | 2025-10-29 16:43:35 +0100 |
| commit | 613a76fb86294aa9ebff172932978c67b4d3cc3d (patch) | |
| tree | 405c6833399282635606d59de5facac71d378884 | |
| parent | 2bcc19589d9f34bb25f04bd0d4b755bbe06c9271 (diff) | |
| download | libplist-613a76fb86294aa9ebff172932978c67b4d3cc3d.tar.gz libplist-613a76fb86294aa9ebff172932978c67b4d3cc3d.tar.bz2 | |
xplist: Fix possible integer overflow
Thanks to @ylwango613 for reporting
| -rw-r--r-- | src/xplist.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/src/xplist.c b/src/xplist.c index 66e1dba..7e39ea4 100644 --- a/src/xplist.c +++ b/src/xplist.c @@ -1066,7 +1066,7 @@ static plist_err_t node_from_xml(parse_ctx ctx, plist_t *plist) ctx->err++; goto err_out; } - int taglen = ctx->pos - p; + size_t taglen = ctx->pos - p; tag = (char*)malloc(taglen + 1); strncpy(tag, p, taglen); tag[taglen] = '\0'; @@ -1084,7 +1084,7 @@ static plist_err_t node_from_xml(parse_ctx ctx, plist_t *plist) goto err_out; } if (*(ctx->pos-1) == '/') { - int idx = ctx->pos - p - 1; + size_t idx = ctx->pos - p - 1; if (idx < taglen) tag[idx] = '\0'; is_empty = 1; |