加入 Gitee
与超过 1200万 开发者一起发现、参与优秀开源项目,私有仓库也完全免费 :)
免费加入
文件
克隆/下载
buf.c 32.97 KB
一键复制 编辑 原始数据 按行查看 历史
fyz1019 提交于 2022-12-05 15:46 . 安全漏洞[CVE-2022-29824] 完善
12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154115511561157115811591160116111621163116411651166116711681169117011711172117311741175117611771178117911801181118211831184118511861187118811891190119111921193119411951196119711981199120012011202120312041205120612071208120912101211121212131214121512161217121812191220122112221223122412251226122712281229123012311232123312341235123612371238123912401241124212431244124512461247124812491250125112521253125412551256125712581259126012611262126312641265126612671268126912701271127212731274127512761277127812791280128112821283128412851286128712881289129012911292129312941295129612971298129913001301130213031304130513061307130813091310131113121313131413151316131713181319132013211322132313241325132613271328132913301331133213331334
/*
* buf.c: memory buffers for libxml2
*
* new buffer structures and entry points to simplify the maintenance
* of libxml2 and ensure we keep good control over memory allocations
* and stay 64 bits clean.
* The new entry point use the xmlBufPtr opaque structure and
* xmlBuf...() counterparts to the old xmlBuf...() functions
*
* See Copyright for the status of this software.
*
* daniel@veillard.com
*/
#define IN_LIBXML
#include "libxml.h"
#include <string.h> /* for memset() only ! */
#include <limits.h>
#ifdef HAVE_CTYPE_H
#include <ctype.h>
#endif
#ifdef HAVE_STDLIB_H
#include <stdlib.h>
#endif
#include <libxml/tree.h>
#include <libxml/globals.h>
#include <libxml/tree.h>
#include <libxml/parserInternals.h> /* for XML_MAX_TEXT_LENGTH */
#include "buf.h"
#ifndef SIZE_MAX
#define SIZE_MAX ((size_t) -1)
#endif
#define WITH_BUFFER_COMPAT
/**
* xmlBuf:
*
* A buffer structure. The base of the structure is somehow compatible
* with struct _xmlBuffer to limit risks on application which accessed
* directly the input->buf->buffer structures.
*/
struct _xmlBuf {
xmlChar *content; /* The buffer content UTF8 */
unsigned int compat_use; /* for binary compatibility */
unsigned int compat_size; /* for binary compatibility */
xmlBufferAllocationScheme alloc; /* The realloc method */
xmlChar *contentIO; /* in IO mode we may have a different base */
size_t use; /* The buffer size used */
size_t size; /* The buffer size */
xmlBufferPtr buffer; /* wrapper for an old buffer */
int error; /* an error code if a failure occurred */
};
#ifdef WITH_BUFFER_COMPAT
/*
* Macro for compatibility with xmlBuffer to be used after an xmlBuf
* is updated. This makes sure the compat fields are updated too.
*/
#define UPDATE_COMPAT(buf) \
if (buf->size < INT_MAX) buf->compat_size = buf->size; \
else buf->compat_size = INT_MAX; \
if (buf->use < INT_MAX) buf->compat_use = buf->use; \
else buf->compat_use = INT_MAX;
/*
* Macro for compatibility with xmlBuffer to be used in all the xmlBuf
* entry points, it checks that the compat fields have not been modified
* by direct call to xmlBuffer function from code compiled before 2.9.0 .
*/
#define CHECK_COMPAT(buf) \
if (buf->size != (size_t) buf->compat_size) \
if (buf->compat_size < INT_MAX) \
buf->size = buf->compat_size; \
if (buf->use != (size_t) buf->compat_use) \
if (buf->compat_use < INT_MAX) \
buf->use = buf->compat_use;
#else /* ! WITH_BUFFER_COMPAT */
#define UPDATE_COMPAT(buf)
#define CHECK_COMPAT(buf)
#endif /* WITH_BUFFER_COMPAT */
/**
* xmlBufMemoryError:
* @extra: extra information
*
* Handle an out of memory condition
* To be improved...
*/
static void
xmlBufMemoryError(xmlBufPtr buf, const char *extra)
{
__xmlSimpleError(XML_FROM_BUFFER, XML_ERR_NO_MEMORY, NULL, NULL, extra);
if ((buf) && (buf->error == 0))
buf->error = XML_ERR_NO_MEMORY;
}
/**
* xmlBufOverflowError:
* @extra: extra information
*
* Handle a buffer overflow error
* To be improved...
*/
static void
xmlBufOverflowError(xmlBufPtr buf, const char *extra)
{
__xmlSimpleError(XML_FROM_BUFFER, XML_BUF_OVERFLOW, NULL, NULL, extra);
if ((buf) && (buf->error == 0))
buf->error = XML_BUF_OVERFLOW;
}
/**
* xmlBufCreate:
*
* routine to create an XML buffer.
* returns the new structure.
*/
xmlBufPtr
xmlBufCreate(void) {
xmlBufPtr ret;
ret = (xmlBufPtr) xmlMalloc(sizeof(xmlBuf));
if (ret == NULL) {
xmlBufMemoryError(NULL, "creating buffer");
return(NULL);
}
ret->compat_use = 0;
ret->use = 0;
ret->error = 0;
ret->buffer = NULL;
ret->size = xmlDefaultBufferSize;
ret->compat_size = xmlDefaultBufferSize;
ret->alloc = xmlBufferAllocScheme;
ret->content = (xmlChar *) xmlMallocAtomic(ret->size * sizeof(xmlChar));
if (ret->content == NULL) {
xmlBufMemoryError(ret, "creating buffer");
xmlFree(ret);
return(NULL);
}
ret->content[0] = 0;
ret->contentIO = NULL;
return(ret);
}
/**
* xmlBufCreateSize:
* @size: initial size of buffer
*
* routine to create an XML buffer.
* returns the new structure.
*/
xmlBufPtr
xmlBufCreateSize(size_t size) {
xmlBufPtr ret;
if (size == SIZE_MAX)
return(NULL);
ret = (xmlBufPtr) xmlMalloc(sizeof(xmlBuf));
if (ret == NULL) {
xmlBufMemoryError(NULL, "creating buffer");
return(NULL);
}
ret->compat_use = 0;
ret->use = 0;
ret->error = 0;
ret->buffer = NULL;
ret->alloc = xmlBufferAllocScheme;
ret->size = (size ? size + 1 : 0); /* +1 for ending null */
ret->compat_size = (ret->size > INT_MAX ? INT_MAX : ret->size);
if (ret->size){
ret->content = (xmlChar *) xmlMallocAtomic(ret->size * sizeof(xmlChar));
if (ret->content == NULL) {
xmlBufMemoryError(ret, "creating buffer");
xmlFree(ret);
return(NULL);
}
ret->content[0] = 0;
} else
ret->content = NULL;
ret->contentIO = NULL;
return(ret);
}
/**
* xmlBufDetach:
* @buf: the buffer
*
* Remove the string contained in a buffer and give it back to the
* caller. The buffer is reset to an empty content.
* This doesn't work with immutable buffers as they can't be reset.
*
* Returns the previous string contained by the buffer.
*/
xmlChar *
xmlBufDetach(xmlBufPtr buf) {
xmlChar *ret;
if (buf == NULL)
return(NULL);
if (buf->alloc == XML_BUFFER_ALLOC_IMMUTABLE)
return(NULL);
if (buf->buffer != NULL)
return(NULL);
if (buf->error)
return(NULL);
ret = buf->content;
buf->content = NULL;
buf->size = 0;
buf->use = 0;
buf->compat_use = 0;
buf->compat_size = 0;
return ret;
}
/**
* xmlBufCreateStatic:
* @mem: the memory area
* @size: the size in byte
*
* routine to create an XML buffer from an immutable memory area.
* The area won't be modified nor copied, and is expected to be
* present until the end of the buffer lifetime.
*
* returns the new structure.
*/
xmlBufPtr
xmlBufCreateStatic(void *mem, size_t size) {
xmlBufPtr ret;
if (mem == NULL)
return(NULL);
ret = (xmlBufPtr) xmlMalloc(sizeof(xmlBuf));
if (ret == NULL) {
xmlBufMemoryError(NULL, "creating buffer");
return(NULL);
}
if (size < INT_MAX) {
ret->compat_use = size;
ret->compat_size = size;
} else {
ret->compat_use = INT_MAX;
ret->compat_size = INT_MAX;
}
ret->use = size;
ret->size = size;
ret->alloc = XML_BUFFER_ALLOC_IMMUTABLE;
ret->content = (xmlChar *) mem;
ret->error = 0;
ret->buffer = NULL;
return(ret);
}
/**
* xmlBufGetAllocationScheme:
* @buf: the buffer
*
* Get the buffer allocation scheme
*
* Returns the scheme or -1 in case of error
*/
int
xmlBufGetAllocationScheme(xmlBufPtr buf) {
if (buf == NULL) {
#ifdef DEBUG_BUFFER
xmlGenericError(xmlGenericErrorContext,
"xmlBufGetAllocationScheme: buf == NULL\n");
#endif
return(-1);
}
return(buf->alloc);
}
/**
* xmlBufSetAllocationScheme:
* @buf: the buffer to tune
* @scheme: allocation scheme to use
*
* Sets the allocation scheme for this buffer
*
* returns 0 in case of success and -1 in case of failure
*/
int
xmlBufSetAllocationScheme(xmlBufPtr buf,
xmlBufferAllocationScheme scheme) {
if ((buf == NULL) || (buf->error != 0)) {
#ifdef DEBUG_BUFFER
xmlGenericError(xmlGenericErrorContext,
"xmlBufSetAllocationScheme: buf == NULL or in error\n");
#endif
return(-1);
}
if ((buf->alloc == XML_BUFFER_ALLOC_IMMUTABLE) ||
(buf->alloc == XML_BUFFER_ALLOC_IO))
return(-1);
if ((scheme == XML_BUFFER_ALLOC_DOUBLEIT) ||
(scheme == XML_BUFFER_ALLOC_EXACT) ||
(scheme == XML_BUFFER_ALLOC_HYBRID) ||
(scheme == XML_BUFFER_ALLOC_IMMUTABLE) ||
(scheme == XML_BUFFER_ALLOC_BOUNDED)) {
buf->alloc = scheme;
if (buf->buffer)
buf->buffer->alloc = scheme;
return(0);
}
/*
* Switching a buffer ALLOC_IO has the side effect of initializing
* the contentIO field with the current content
*/
if (scheme == XML_BUFFER_ALLOC_IO) {
buf->alloc = XML_BUFFER_ALLOC_IO;
buf->contentIO = buf->content;
}
return(-1);
}
/**
* xmlBufFree:
* @buf: the buffer to free
*
* Frees an XML buffer. It frees both the content and the structure which
* encapsulate it.
*/
void
xmlBufFree(xmlBufPtr buf) {
if (buf == NULL) {
#ifdef DEBUG_BUFFER
xmlGenericError(xmlGenericErrorContext,
"xmlBufFree: buf == NULL\n");
#endif
return;
}
if ((buf->alloc == XML_BUFFER_ALLOC_IO) &&
(buf->contentIO != NULL)) {
xmlFree(buf->contentIO);
} else if ((buf->content != NULL) &&
(buf->alloc != XML_BUFFER_ALLOC_IMMUTABLE)) {
xmlFree(buf->content);
}
xmlFree(buf);
}
/**
* xmlBufEmpty:
* @buf: the buffer
*
* empty a buffer.
*/
void
xmlBufEmpty(xmlBufPtr buf) {
if ((buf == NULL) || (buf->error != 0)) return;
if (buf->content == NULL) return;
CHECK_COMPAT(buf)
buf->use = 0;
if (buf->alloc == XML_BUFFER_ALLOC_IMMUTABLE) {
buf->content = BAD_CAST "";
} else if ((buf->alloc == XML_BUFFER_ALLOC_IO) &&
(buf->contentIO != NULL)) {
size_t start_buf = buf->content - buf->contentIO;
buf->size += start_buf;
buf->content = buf->contentIO;
buf->content[0] = 0;
} else {
buf->content[0] = 0;
}
UPDATE_COMPAT(buf)
}
/**
* xmlBufShrink:
* @buf: the buffer to dump
* @len: the number of xmlChar to remove
*
* Remove the beginning of an XML buffer.
* NOTE that this routine behaviour differs from xmlBufferShrink()
* as it will return 0 on error instead of -1 due to size_t being
* used as the return type.
*
* Returns the number of byte removed or 0 in case of failure
*/
size_t
xmlBufShrink(xmlBufPtr buf, size_t len) {
if ((buf == NULL) || (buf->error != 0)) return(0);
CHECK_COMPAT(buf)
if (len == 0) return(0);
if (len > buf->use) return(0);
buf->use -= len;
if ((buf->alloc == XML_BUFFER_ALLOC_IMMUTABLE) ||
((buf->alloc == XML_BUFFER_ALLOC_IO) && (buf->contentIO != NULL))) {
/*
* we just move the content pointer, but also make sure
* the perceived buffer size has shrunk accordingly
*/
buf->content += len;
buf->size -= len;
/*
* sometimes though it maybe be better to really shrink
* on IO buffers
*/
if ((buf->alloc == XML_BUFFER_ALLOC_IO) && (buf->contentIO != NULL)) {
size_t start_buf = buf->content - buf->contentIO;
if (start_buf >= buf->size) {
memmove(buf->contentIO, &buf->content[0], buf->use);
buf->content = buf->contentIO;
buf->content[buf->use] = 0;
buf->size += start_buf;
}
}
} else {
memmove(buf->content, &buf->content[len], buf->use);
buf->content[buf->use] = 0;
}
UPDATE_COMPAT(buf)
return(len);
}
/**
* xmlBufGrowInternal:
* @buf: the buffer
* @len: the minimum free size to allocate
*
* Grow the available space of an XML buffer, @len is the target value
* Error checking should be done on buf->error since using the return
* value doesn't work that well
*
* Returns 0 in case of error or the length made available otherwise
*/
static size_t
xmlBufGrowInternal(xmlBufPtr buf, size_t len) {
size_t size;
xmlChar *newbuf;
if ((buf == NULL) || (buf->error != 0)) return(0);
CHECK_COMPAT(buf)
if (buf->alloc == XML_BUFFER_ALLOC_IMMUTABLE) return(0);
if (len < buf->size - buf->use)
return(buf->size - buf->use);
if (len > SIZE_MAX - buf->use)
return(0);
if (buf->size > (size_t) len) {
size = buf->size > SIZE_MAX / 2 ? SIZE_MAX : buf->size * 2;
} else {
size = buf->use + len;
size = size > SIZE_MAX - 100 ? SIZE_MAX : size + 100;
}
if (buf->alloc == XML_BUFFER_ALLOC_BOUNDED) {
/*
* Used to provide parsing limits
*/
if ((buf->use + len >= XML_MAX_TEXT_LENGTH) ||
(buf->size >= XML_MAX_TEXT_LENGTH)) {
xmlBufMemoryError(buf, "buffer error: text too long\n");
return(0);
}
if (size >= XML_MAX_TEXT_LENGTH)
size = XML_MAX_TEXT_LENGTH;
}
if ((buf->alloc == XML_BUFFER_ALLOC_IO) && (buf->contentIO != NULL)) {
size_t start_buf = buf->content - buf->contentIO;
newbuf = (xmlChar *) xmlRealloc(buf->contentIO, start_buf + size);
if (newbuf == NULL) {
xmlBufMemoryError(buf, "growing buffer");
return(0);
}
buf->contentIO = newbuf;
buf->content = newbuf + start_buf;
} else {
newbuf = (xmlChar *) xmlRealloc(buf->content, size);
if (newbuf == NULL) {
xmlBufMemoryError(buf, "growing buffer");
return(0);
}
buf->content = newbuf;
}
buf->size = size;
UPDATE_COMPAT(buf)
return(buf->size - buf->use);
}
/**
* xmlBufGrow:
* @buf: the buffer
* @len: the minimum free size to allocate
*
* Grow the available space of an XML buffer, @len is the target value
* This is been kept compatible with xmlBufferGrow() as much as possible
*
* Returns -1 in case of error or the length made available otherwise
*/
int
xmlBufGrow(xmlBufPtr buf, int len) {
size_t ret;
if ((buf == NULL) || (len < 0)) return(-1);
if (len == 0)
return(0);
ret = xmlBufGrowInternal(buf, len);
if (buf->error != 0)
return(-1);
return((int) ret);
}
/**
* xmlBufInflate:
* @buf: the buffer
* @len: the minimum extra free size to allocate
*
* Grow the available space of an XML buffer, adding at least @len bytes
*
* Returns 0 if successful or -1 in case of error
*/
int
xmlBufInflate(xmlBufPtr buf, size_t len) {
if (buf == NULL) return(-1);
xmlBufGrowInternal(buf, len + buf->size);
if (buf->error)
return(-1);
return(0);
}
/**
* xmlBufDump:
* @file: the file output
* @buf: the buffer to dump
*
* Dumps an XML buffer to a FILE *.
* Returns the number of #xmlChar written
*/
size_t
xmlBufDump(FILE *file, xmlBufPtr buf) {
size_t ret;
if ((buf == NULL) || (buf->error != 0)) {
#ifdef DEBUG_BUFFER
xmlGenericError(xmlGenericErrorContext,
"xmlBufDump: buf == NULL or in error\n");
#endif
return(0);
}
if (buf->content == NULL) {
#ifdef DEBUG_BUFFER
xmlGenericError(xmlGenericErrorContext,
"xmlBufDump: buf->content == NULL\n");
#endif
return(0);
}
CHECK_COMPAT(buf)
if (file == NULL)
file = stdout;
ret = fwrite(buf->content, sizeof(xmlChar), buf->use, file);
return(ret);
}
/**
* xmlBufContent:
* @buf: the buffer
*
* Function to extract the content of a buffer
*
* Returns the internal content
*/
xmlChar *
xmlBufContent(const xmlBuf *buf)
{
if ((!buf) || (buf->error))
return NULL;
return(buf->content);
}
/**
* xmlBufEnd:
* @buf: the buffer
*
* Function to extract the end of the content of a buffer
*
* Returns the end of the internal content or NULL in case of error
*/
xmlChar *
xmlBufEnd(xmlBufPtr buf)
{
if ((!buf) || (buf->error))
return NULL;
CHECK_COMPAT(buf)
return(&buf->content[buf->use]);
}
/**
* xmlBufAddLen:
* @buf: the buffer
* @len: the size which were added at the end
*
* Sometime data may be added at the end of the buffer without
* using the xmlBuf APIs that is used to expand the used space
* and set the zero terminating at the end of the buffer
*
* Returns -1 in case of error and 0 otherwise
*/
int
xmlBufAddLen(xmlBufPtr buf, size_t len) {
if ((buf == NULL) || (buf->error))
return(-1);
CHECK_COMPAT(buf)
if (len > (buf->size - buf->use))
return(-1);
buf->use += len;
UPDATE_COMPAT(buf)
if (buf->size > buf->use)
buf->content[buf->use] = 0;
else
return(-1);
return(0);
}
/**
* xmlBufErase:
* @buf: the buffer
* @len: the size to erase at the end
*
* Sometime data need to be erased at the end of the buffer
*
* Returns -1 in case of error and 0 otherwise
*/
int
xmlBufErase(xmlBufPtr buf, size_t len) {
if ((buf == NULL) || (buf->error))
return(-1);
CHECK_COMPAT(buf)
if (len > buf->use)
return(-1);
buf->use -= len;
buf->content[buf->use] = 0;
UPDATE_COMPAT(buf)
return(0);
}
/**
* xmlBufLength:
* @buf: the buffer
*
* Function to get the length of a buffer
*
* Returns the length of data in the internal content
*/
size_t
xmlBufLength(const xmlBufPtr buf)
{
if ((!buf) || (buf->error))
return 0;
CHECK_COMPAT(buf)
return(buf->use);
}
/**
* xmlBufUse:
* @buf: the buffer
*
* Function to get the length of a buffer
*
* Returns the length of data in the internal content
*/
size_t
xmlBufUse(const xmlBufPtr buf)
{
if ((!buf) || (buf->error))
return 0;
CHECK_COMPAT(buf)
return(buf->use);
}
/**
* xmlBufAvail:
* @buf: the buffer
*
* Function to find how much free space is allocated but not
* used in the buffer. It does not account for the terminating zero
* usually needed
*
* Returns the amount or 0 if none or an error occurred
*/
size_t
xmlBufAvail(const xmlBufPtr buf)
{
if ((!buf) || (buf->error))
return 0;
CHECK_COMPAT(buf)
return(buf->size - buf->use);
}
/**
* xmlBufIsEmpty:
* @buf: the buffer
*
* Tell if a buffer is empty
*
* Returns 0 if no, 1 if yes and -1 in case of error
*/
int
xmlBufIsEmpty(const xmlBufPtr buf)
{
if ((!buf) || (buf->error))
return(-1);
CHECK_COMPAT(buf)
return(buf->use == 0);
}
/**
* xmlBufResize:
* @buf: the buffer to resize
* @size: the desired size
*
* Resize a buffer to accommodate minimum size of @size.
*
* Returns 0 in case of problems, 1 otherwise
*/
int
xmlBufResize(xmlBufPtr buf, size_t size)
{
size_t newSize;
xmlChar* rebuf = NULL;
size_t start_buf;
if ((buf == NULL) || (buf->error))
return(0);
CHECK_COMPAT(buf)
if (buf->alloc == XML_BUFFER_ALLOC_IMMUTABLE) return(0);
if (buf->alloc == XML_BUFFER_ALLOC_BOUNDED) {
/*
* Used to provide parsing limits
*/
if (size >= XML_MAX_TEXT_LENGTH) {
xmlBufMemoryError(buf, "buffer error: text too long\n");
return(0);
}
}
/* Don't resize if we don't have to */
if (size < buf->size)
return 1;
/* figure out new size */
switch (buf->alloc){
case XML_BUFFER_ALLOC_IO:
case XML_BUFFER_ALLOC_DOUBLEIT:
/*take care of empty case*/
if (buf->size == 0) {
newSize = (size > SIZE_MAX - 10 ? SIZE_MAX : size + 10);
} else {
newSize = buf->size;
}
while (size > newSize) {
if (newSize > SIZE_MAX / 2) {
xmlBufMemoryError(buf, "growing buffer");
return 0;
}
newSize *= 2;
}
break;
case XML_BUFFER_ALLOC_EXACT:
newSize = (size > SIZE_MAX - 10 ? SIZE_MAX : size + 10);
break;
case XML_BUFFER_ALLOC_HYBRID:
if (buf->use < BASE_BUFFER_SIZE)
newSize = size;
else {
newSize = buf->size;
while (size > newSize) {
if (newSize > SIZE_MAX / 2) {
xmlBufMemoryError(buf, "growing buffer");
return 0;
}
newSize *= 2;
}
}
break;
default:
newSize = (size > SIZE_MAX - 10 ? SIZE_MAX : size + 10);
break;
}
if ((buf->alloc == XML_BUFFER_ALLOC_IO) && (buf->contentIO != NULL)) {
start_buf = buf->content - buf->contentIO;
if (start_buf > newSize) {
/* move data back to start */
memmove(buf->contentIO, buf->content, buf->use);
buf->content = buf->contentIO;
buf->content[buf->use] = 0;
buf->size += start_buf;
} else {
rebuf = (xmlChar *) xmlRealloc(buf->contentIO, start_buf + newSize);
if (rebuf == NULL) {
xmlBufMemoryError(buf, "growing buffer");
return 0;
}
buf->contentIO = rebuf;
buf->content = rebuf + start_buf;
}
} else {
if (buf->content == NULL) {
rebuf = (xmlChar *) xmlMallocAtomic(newSize);
} else if (buf->size - buf->use < 100) {
rebuf = (xmlChar *) xmlRealloc(buf->content, newSize);
} else {
/*
* if we are reallocating a buffer far from being full, it's
* better to make a new allocation and copy only the used range
* and free the old one.
*/
rebuf = (xmlChar *) xmlMallocAtomic(newSize);
if (rebuf != NULL) {
memcpy(rebuf, buf->content, buf->use);
xmlFree(buf->content);
rebuf[buf->use] = 0;
}
}
if (rebuf == NULL) {
xmlBufMemoryError(buf, "growing buffer");
return 0;
}
buf->content = rebuf;
}
buf->size = newSize;
UPDATE_COMPAT(buf)
return 1;
}
/**
* xmlBufAdd:
* @buf: the buffer to dump
* @str: the #xmlChar string
* @len: the number of #xmlChar to add
*
* Add a string range to an XML buffer. if len == -1, the length of
* str is recomputed.
*
* Returns 0 successful, a positive error code number otherwise
* and -1 in case of internal or API error.
*/
int
xmlBufAdd(xmlBufPtr buf, const xmlChar *str, int len) {
size_t needSize;
if ((str == NULL) || (buf == NULL) || (buf->error))
return -1;
CHECK_COMPAT(buf)
if (buf->alloc == XML_BUFFER_ALLOC_IMMUTABLE) return -1;
if (len < -1) {
#ifdef DEBUG_BUFFER
xmlGenericError(xmlGenericErrorContext,
"xmlBufAdd: len < 0\n");
#endif
return -1;
}
if (len == 0) return 0;
if (len < 0)
len = xmlStrlen(str);
if (len < 0) return -1;
if (len == 0) return 0;
if ((size_t) len >= buf->size - buf->use) {
if ((size_t) len >= SIZE_MAX - buf->use)
return(-1);
needSize = buf->use + len + 1;
if (buf->alloc == XML_BUFFER_ALLOC_BOUNDED) {
/*
* Used to provide parsing limits
*/
if (needSize >= XML_MAX_TEXT_LENGTH) {
xmlBufMemoryError(buf, "buffer error: text too long\n");
return(-1);
}
}
if (!xmlBufResize(buf, needSize)){
xmlBufMemoryError(buf, "growing buffer");
return XML_ERR_NO_MEMORY;
}
}
memmove(&buf->content[buf->use], str, len*sizeof(xmlChar));
buf->use += len;
buf->content[buf->use] = 0;
UPDATE_COMPAT(buf)
return 0;
}
/**
* xmlBufAddHead:
* @buf: the buffer
* @str: the #xmlChar string
* @len: the number of #xmlChar to add
*
* Add a string range to the beginning of an XML buffer.
* if len == -1, the length of @str is recomputed.
*
* Returns 0 successful, a positive error code number otherwise
* and -1 in case of internal or API error.
*/
int
xmlBufAddHead(xmlBufPtr buf, const xmlChar *str, int len) {
unsigned int needSize;
if ((buf == NULL) || (buf->error))
return(-1);
CHECK_COMPAT(buf)
if (buf->alloc == XML_BUFFER_ALLOC_IMMUTABLE) return -1;
if (str == NULL) {
#ifdef DEBUG_BUFFER
xmlGenericError(xmlGenericErrorContext,
"xmlBufAddHead: str == NULL\n");
#endif
return -1;
}
if (len < -1) {
#ifdef DEBUG_BUFFER
xmlGenericError(xmlGenericErrorContext,
"xmlBufAddHead: len < 0\n");
#endif
return -1;
}
if (len == 0) return 0;
if (len < 0)
len = xmlStrlen(str);
if (len <= 0) return -1;
if ((buf->alloc == XML_BUFFER_ALLOC_IO) && (buf->contentIO != NULL)) {
size_t start_buf = buf->content - buf->contentIO;
if (start_buf > (unsigned int) len) {
/*
* We can add it in the space previously shrunk
*/
buf->content -= len;
memmove(&buf->content[0], str, len);
buf->use += len;
buf->size += len;
UPDATE_COMPAT(buf)
return(0);
}
}
needSize = buf->use + len + 2;
if (needSize > buf->size){
if (buf->alloc == XML_BUFFER_ALLOC_BOUNDED) {
/*
* Used to provide parsing limits
*/
if (needSize >= XML_MAX_TEXT_LENGTH) {
xmlBufMemoryError(buf, "buffer error: text too long\n");
return(-1);
}
}
if (!xmlBufResize(buf, needSize)){
xmlBufMemoryError(buf, "growing buffer");
return XML_ERR_NO_MEMORY;
}
}
memmove(&buf->content[len], &buf->content[0], buf->use);
memmove(&buf->content[0], str, len);
buf->use += len;
buf->content[buf->use] = 0;
UPDATE_COMPAT(buf)
return 0;
}
/**
* xmlBufCat:
* @buf: the buffer to add to
* @str: the #xmlChar string
*
* Append a zero terminated string to an XML buffer.
*
* Returns 0 successful, a positive error code number otherwise
* and -1 in case of internal or API error.
*/
int
xmlBufCat(xmlBufPtr buf, const xmlChar *str) {
if ((buf == NULL) || (buf->error))
return(-1);
CHECK_COMPAT(buf)
if (buf->alloc == XML_BUFFER_ALLOC_IMMUTABLE) return -1;
if (str == NULL) return -1;
return xmlBufAdd(buf, str, -1);
}
/**
* xmlBufCCat:
* @buf: the buffer to dump
* @str: the C char string
*
* Append a zero terminated C string to an XML buffer.
*
* Returns 0 successful, a positive error code number otherwise
* and -1 in case of internal or API error.
*/
int
xmlBufCCat(xmlBufPtr buf, const char *str) {
return xmlBufCat(buf, (const xmlChar *) str);
}
/**
* xmlBufWriteCHAR:
* @buf: the XML buffer
* @string: the string to add
*
* routine which manages and grows an output buffer. This one adds
* xmlChars at the end of the buffer.
*
* Returns 0 if successful, a positive error code number otherwise
* and -1 in case of internal or API error.
*/
int
xmlBufWriteCHAR(xmlBufPtr buf, const xmlChar *string) {
if ((buf == NULL) || (buf->error))
return(-1);
CHECK_COMPAT(buf)
if (buf->alloc == XML_BUFFER_ALLOC_IMMUTABLE)
return(-1);
return(xmlBufCat(buf, string));
}
/**
* xmlBufWriteChar:
* @buf: the XML buffer output
* @string: the string to add
*
* routine which manage and grows an output buffer. This one add
* C chars at the end of the array.
*
* Returns 0 if successful, a positive error code number otherwise
* and -1 in case of internal or API error.
*/
int
xmlBufWriteChar(xmlBufPtr buf, const char *string) {
if ((buf == NULL) || (buf->error))
return(-1);
CHECK_COMPAT(buf)
if (buf->alloc == XML_BUFFER_ALLOC_IMMUTABLE)
return(-1);
return(xmlBufCCat(buf, string));
}
/**
* xmlBufWriteQuotedString:
* @buf: the XML buffer output
* @string: the string to add
*
* routine which manage and grows an output buffer. This one writes
* a quoted or double quoted #xmlChar string, checking first if it holds
* quote or double-quotes internally
*
* Returns 0 if successful, a positive error code number otherwise
* and -1 in case of internal or API error.
*/
int
xmlBufWriteQuotedString(xmlBufPtr buf, const xmlChar *string) {
const xmlChar *cur, *base;
if ((buf == NULL) || (buf->error))
return(-1);
CHECK_COMPAT(buf)
if (buf->alloc == XML_BUFFER_ALLOC_IMMUTABLE)
return(-1);
if (xmlStrchr(string, '\"')) {
if (xmlStrchr(string, '\'')) {
#ifdef DEBUG_BUFFER
xmlGenericError(xmlGenericErrorContext,
"xmlBufWriteQuotedString: string contains quote and double-quotes !\n");
#endif
xmlBufCCat(buf, "\"");
base = cur = string;
while(*cur != 0){
if(*cur == '"'){
if (base != cur)
xmlBufAdd(buf, base, cur - base);
xmlBufAdd(buf, BAD_CAST "&quot;", 6);
cur++;
base = cur;
}
else {
cur++;
}
}
if (base != cur)
xmlBufAdd(buf, base, cur - base);
xmlBufCCat(buf, "\"");
}
else{
xmlBufCCat(buf, "\'");
xmlBufCat(buf, string);
xmlBufCCat(buf, "\'");
}
} else {
xmlBufCCat(buf, "\"");
xmlBufCat(buf, string);
xmlBufCCat(buf, "\"");
}
return(0);
}
/**
* xmlBufFromBuffer:
* @buffer: incoming old buffer to convert to a new one
*
* Helper routine to switch from the old buffer structures in use
* in various APIs. It creates a wrapper xmlBufPtr which will be
* used for internal processing until the xmlBufBackToBuffer() is
* issued.
*
* Returns a new xmlBufPtr unless the call failed and NULL is returned
*/
xmlBufPtr
xmlBufFromBuffer(xmlBufferPtr buffer) {
xmlBufPtr ret;
if (buffer == NULL)
return(NULL);
ret = (xmlBufPtr) xmlMalloc(sizeof(xmlBuf));
if (ret == NULL) {
xmlBufMemoryError(NULL, "creating buffer");
return(NULL);
}
ret->use = buffer->use;
ret->size = buffer->size;
ret->compat_use = buffer->use;
ret->compat_size = buffer->size;
ret->error = 0;
ret->buffer = buffer;
ret->alloc = buffer->alloc;
ret->content = buffer->content;
ret->contentIO = buffer->contentIO;
return(ret);
}
/**
* xmlBufBackToBuffer:
* @buf: new buffer wrapping the old one
*
* Function to be called once internal processing had been done to
* update back the buffer provided by the user. This can lead to
* a failure in case the size accumulated in the xmlBuf is larger
* than what an xmlBuffer can support on 64 bits (INT_MAX)
* The xmlBufPtr @buf wrapper is deallocated by this call in any case.
*
* Returns the old xmlBufferPtr unless the call failed and NULL is returned
*/
xmlBufferPtr
xmlBufBackToBuffer(xmlBufPtr buf) {
xmlBufferPtr ret;
if (buf == NULL)
return(NULL);
CHECK_COMPAT(buf)
if ((buf->error) || (buf->buffer == NULL)) {
xmlBufFree(buf);
return(NULL);
}
ret = buf->buffer;
/*
* What to do in case of error in the buffer ???
*/
if (buf->use > INT_MAX) {
/*
* Worse case, we really allocated and used more than the
* maximum allowed memory for an xmlBuffer on this architecture.
* Keep the buffer but provide a truncated size value.
*/
xmlBufOverflowError(buf, "Used size too big for xmlBuffer");
ret->use = INT_MAX;
ret->size = INT_MAX;
} else if (buf->size > INT_MAX) {
/*
* milder case, we allocated more than the maximum allowed memory
* for an xmlBuffer on this architecture, but used less than the
* limit.
* Keep the buffer but provide a truncated size value.
*/
xmlBufOverflowError(buf, "Allocated size too big for xmlBuffer");
ret->use = (int) buf->use;
ret->size = INT_MAX;
} else {
ret->use = (int) buf->use;
ret->size = (int) buf->size;
}
ret->alloc = buf->alloc;
ret->content = buf->content;
ret->contentIO = buf->contentIO;
xmlFree(buf);
return(ret);
}
/**
* xmlBufMergeBuffer:
* @buf: an xmlBufPtr
* @buffer: the buffer to consume into @buf
*
* The content of @buffer is appended to @buf and @buffer is freed
*
* Returns -1 in case of error, 0 otherwise, in any case @buffer is freed
*/
int
xmlBufMergeBuffer(xmlBufPtr buf, xmlBufferPtr buffer) {
int ret = 0;
if ((buf == NULL) || (buf->error)) {
xmlBufferFree(buffer);
return(-1);
}
CHECK_COMPAT(buf)
if ((buffer != NULL) && (buffer->content != NULL) &&
(buffer->use > 0)) {
ret = xmlBufAdd(buf, buffer->content, buffer->use);
}
xmlBufferFree(buffer);
return(ret);
}
/**
* xmlBufResetInput:
* @buf: an xmlBufPtr
* @input: an xmlParserInputPtr
*
* Update the input to use the current set of pointers from the buffer.
*
* Returns -1 in case of error, 0 otherwise
*/
int
xmlBufResetInput(xmlBufPtr buf, xmlParserInputPtr input) {
if ((input == NULL) || (buf == NULL) || (buf->error))
return(-1);
CHECK_COMPAT(buf)
input->base = input->cur = buf->content;
input->end = &buf->content[buf->use];
return(0);
}
/**
* xmlBufGetInputBase:
* @buf: an xmlBufPtr
* @input: an xmlParserInputPtr
*
* Get the base of the @input relative to the beginning of the buffer
*
* Returns the size_t corresponding to the displacement
*/
size_t
xmlBufGetInputBase(xmlBufPtr buf, xmlParserInputPtr input) {
size_t base;
if ((input == NULL) || (buf == NULL) || (buf->error))
return(-1);
CHECK_COMPAT(buf)
base = input->base - buf->content;
/*
* We could do some pointer arithmetic checks but that's probably
* sufficient.
*/
if (base > buf->size) {
xmlBufOverflowError(buf, "Input reference outside of the buffer");
base = 0;
}
return(base);
}
/**
* xmlBufSetInputBaseCur:
* @buf: an xmlBufPtr
* @input: an xmlParserInputPtr
* @base: the base value relative to the beginning of the buffer
* @cur: the cur value relative to the beginning of the buffer
*
* Update the input to use the base and cur relative to the buffer
* after a possible reallocation of its content
*
* Returns -1 in case of error, 0 otherwise
*/
int
xmlBufSetInputBaseCur(xmlBufPtr buf, xmlParserInputPtr input,
size_t base, size_t cur) {
if (input == NULL)
return(-1);
if ((buf == NULL) || (buf->error)) {
input->base = input->cur = input->end = BAD_CAST "";
return(-1);
}
CHECK_COMPAT(buf)
input->base = &buf->content[base];
input->cur = input->base + cur;
input->end = &buf->content[buf->use];
return(0);
}
#define bottom_buf
#include "elfgcchack.h"
Loading...
马建仓 AI 助手
尝试更多
代码解读
代码找茬
代码优化