-rw-r--r-- | third_party/libxml/README.chromium | 1 | ||||
-rw-r--r-- | third_party/libxml/src/globals.c | 25 |
2 files changed, 23 insertions, 3 deletions
diff --git a/third_party/libxml/README.chromium b/third_party/libxml/README.chromium
index f6a1e2e..0292550 100644
--- a/third_party/libxml/README.chromium
+++ b/third_party/libxml/README.chromium
@@ -25,6 +25,7 @@ Modifications:
 - Merge clang warning fix http://git.gnome.org/browse/libxml2/commit/?id=aae48e64dfbf2b46b157a4c1857e30645116388f
 - Add a fix for proper escaping of xpointer expressions, commit upstream is pending.
 - Add helper classes in chromium/libxml_utils.cc and chromium/include/libxml/libxml_utils.h.
+- Add a tweak to limit problems caused by excessive strings and buffers.
 To import a new snapshot of libxml:
diff --git a/third_party/libxml/src/globals.c b/third_party/libxml/src/globals.c
index 69002f0..b369346 100644
--- a/third_party/libxml/src/globals.c
+++ b/third_party/libxml/src/globals.c
@@ -86,6 +86,25 @@ xmlMallocFunc xmlMallocAtomic = (xmlMallocFunc) xmlMemMalloc;
 xmlReallocFunc xmlRealloc = (xmlReallocFunc) xmlMemRealloc;
 xmlStrdupFunc xmlMemStrdup = (xmlStrdupFunc) xmlMemoryStrdup;
 #else
+
+#define MAX_LIBXML_MALLOC (1024*1024*512)
+
+static void* size_checked_malloc(size_t size) {
+ if (size > MAX_LIBXML_MALLOC) {
+ *(volatile char*)0 = '\0';
+ return NULL;
+ }
+ return malloc(size);
+}
+
+static void* size_checked_realloc(void* ptr, size_t size) {
+ if (size > MAX_LIBXML_MALLOC) {
+ *(volatile char*)0 = '\0';
+ return NULL;
+ }
+ return realloc(ptr, size);
+}
+
 /**
 * xmlFree:
 * @mem: an already allocated block of memory
@@ -101,7 +120,7 @@ xmlFreeFunc xmlFree = (xmlFreeFunc) free;
 *
 * Returns a pointer to the newly allocated block or NULL in case of error
 */
-xmlMallocFunc xmlMalloc = (xmlMallocFunc) malloc;
+xmlMallocFunc xmlMalloc = (xmlMallocFunc) size_checked_malloc;
 /**
 * xmlMallocAtomic:
 * @size: the size requested in bytes
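Review bot: The oversize branch of `size_checked_malloc` and `size_checked_realloc` forces the crash with `*(volatile char*)0 = '\0';`, a null-pointer write that is undefined behaviour and that silently falls through to `return NULL;` on any target where address 0 does not fault. `abort();` would state the fail-fast intent without depending on that. Either way, a comment such as `/* Oversized request: crash on purpose rather than hand NULL back to the caller. */` should mark the crash as deliberate. The cap is installed only in this `#else` branch, so builds that take the `xmlMemMalloc` branch visible above the hunk are not limited. It also bounds each request rather than the total, so it presumably does not help once a size computation in a caller has already wrapped to a small value.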
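Review bot: The doc comment kept above the `xmlMalloc` assignment still says it returns NULL in case of error, but once the pointer is bound to `size_checked_malloc` a request larger than `MAX_LIBXML_MALLOC` crashes the process instead. The same holds for the `xmlMallocAtomic` and `xmlRealloc` hunks that follow. Adding a line such as `* Requests above MAX_LIBXML_MALLOC crash the process instead of returning NULL.` to each comment would keep the documented contract accurate; the comment blocks begin outside these hunks. The `(xmlMallocFunc)` and `(xmlReallocFunc)` casts could also be dropped if the wrappers already match the typedefs (not visible here), so that a later signature mismatch is reported by the compiler rather than hidden.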
@@ -112,7 +131,7 @@ xmlMallocFunc xmlMalloc = (xmlMallocFunc) malloc;
 *
 * Returns a pointer to the newly allocated block or NULL in case of error
 */
-xmlMallocFunc xmlMallocAtomic = (xmlMallocFunc) malloc;
+xmlMallocFunc xmlMallocAtomic = (xmlMallocFunc) size_checked_malloc;
 /**
 * xmlRealloc:
 * @mem: an already allocated block of memory
@@ -122,7 +141,7 @@ xmlMallocFunc xmlMallocAtomic = (xmlMallocFunc) malloc;
 *
 * Returns a pointer to the newly reallocated block or NULL in case of error
 */
-xmlReallocFunc xmlRealloc = (xmlReallocFunc) realloc;
+xmlReallocFunc xmlRealloc = (xmlReallocFunc) size_checked_realloc;
 /**
 * xmlMemStrdup:
 * @str: a zero terminated string |