Hi,

On Mon, Aug 6, 2012 at 3:05 AM, Daniel Veillard <veill...@redhat.com> wrote:
> mistake done circa 98-99 IIRC and a bit late to fix ... The problem is
> that those buffers were using int instead of size_t for various size
> leading to a variety of troubles including security ones. How to fix
> that while keeping everything public API and ABI compatible ?

One idea (if you're sure consumers are just reading the public structure
and not allocating/writing to it):

    struct xmlExtendedBuffer
    {
        xmlBuffer compatBuffer;
        size_t realSize;
    };

Then when allocating e.g., an output buffer:

    outputBuffer->buffer = &extendedBuffer->compatBuffer;

and any time you need to get at the extended buffer do:

    extendedBuffer = (xmlExtendedBufferPtr) outputBuffer->buffer;

Any time you need to adjust the size of the buffer, adjust
extendedBuffer->realSize, and then do

    extendedBuffer->compatBuffer.size = (int) extendedBuffer->realSize;

Though, sizeof(size_t) == sizeof(int) on 32-bit arches so I'm a little
unsure how swapping one for the other could fix overflow problems.

--Ray
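
The wrapper layout from the message above, as an added example that is not part of the original post and is not libxml2 code. The names compat_buffer, ext_buffer, ext_sync, ext_from_compat and ext_append are hypothetical; the saturating mirror and the explicit wrap check are assumptions of this example, and neither depends on size_t being wider than int.

```c
#include <limits.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for the legacy public struct with int sizes (constructed for this
 * example; not libxml2's actual definition). */
typedef struct { unsigned char *content; int use; int size; } compat_buffer;

/* The legacy struct is the first member, so a pointer to it converts back. */
typedef struct { compat_buffer compat; size_t real_use, real_size; } ext_buffer;

static int clamp_int(size_t v) { return v > (size_t)INT_MAX ? INT_MAX : (int)v; }

/* Mirror the real sizes into the legacy int fields, saturating at INT_MAX
 * instead of letting a bare (int) cast go negative. */
void ext_sync(ext_buffer *eb) {
    eb->compat.use = clamp_int(eb->real_use);
    eb->compat.size = clamp_int(eb->real_size);
}

/* Recover the extended buffer from the pointer legacy consumers hold. */
ext_buffer *ext_from_compat(compat_buffer *cb) { return (ext_buffer *)cb; }

/* Append len bytes; returns 0 on success, -1 on size wrap or allocation failure. */
int ext_append(ext_buffer *eb, const void *data, size_t len) {
    if (len > SIZE_MAX - eb->real_use)      /* real_use + len would wrap */
        return -1;
    size_t need = eb->real_use + len;
    if (need > eb->real_size) {
        size_t cap = eb->real_size ? eb->real_size : 64;
        while (cap < need)                  /* double, without wrapping */
            cap = cap > SIZE_MAX / 2 ? need : cap * 2;
        unsigned char *p = realloc(eb->compat.content, cap);
        if (p == NULL)
            return -1;
        eb->compat.content = p;
        eb->real_size = cap;
    }
    memcpy(eb->compat.content + eb->real_use, data, len);
    eb->real_use = need;
    ext_sync(eb);                           /* keep the public view current */
    return 0;
}

int main(void) {
    ext_buffer eb;
    memset(&eb, 0, sizeof eb);
    compat_buffer *pub = &eb.compat;        /* what legacy readers see */
    int rc = ext_append(ext_from_compat(pub), "<doc/>", 6);
    free(eb.compat.content);
    return rc == 0 && pub->use == 6 ? 0 : 1;
}
```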