sfeed

simple feed reader - forked from git.codemadness.org/sfeed
git clone git://src.gearsix.net/sfeed
Log | Files | Refs | Atom | README | LICENSE

commit 2b50075f9145b2261566f0f67eb9f31523c7bd71
parent 79ff3ecbc87072a8eaa3cf6a3f94101df500ecdf
Author: Hiltjo Posthuma <hiltjo@codemadness.org>
Date:   Sat, 18 Jan 2020 19:26:04 +0100

improve XML entity conversion

- return -1 for invalid XML entities.
- separate between NUL (&#0;) and invalid entities: although both are
  unwanted in sfeed.
- validate the number range more strictly and don't wrap to unsigned.
  entities lik: "&#-1;" are handled as invalid now. "&#;" is also invalid
  instead of the same as "&#0;".

Diffstat:
Mxml.c | 16++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/xml.c b/xml.c @@ -269,7 +269,7 @@ namedentitytostr(const char *e, char *buf, size_t bufsiz) return 1; } } - return 0; + return -1; } static int @@ -286,12 +286,12 @@ numericentitytostr(const char *e, char *buf, size_t bufsiz) errno = 0; /* hex (16) or decimal (10) */ if (*e == 'x') - l = strtoul(e + 1, &end, 16); + l = strtol(++e, &end, 16); else - l = strtoul(e, &end, 10); - /* invalid value or not a well-formed entity or too high codepoint */ - if (errno || *end != ';' || l > 0x10FFFF) - return 0; + l = strtol(e, &end, 10); + /* invalid value or not a well-formed entity or invalid codepoint */ + if (errno || e == end || *end != ';' || l < 0 || l > 0x10ffff) + return -1; len = codepointtoutf8(l, buf); buf[len] = '\0'; @@ -299,13 +299,13 @@ numericentitytostr(const char *e, char *buf, size_t bufsiz) } /* convert named- or numeric entity string to buffer string - * returns byte-length of string. */ + * returns byte-length of string or -1 on failure. */ int xml_entitytostr(const char *e, char *buf, size_t bufsiz) { /* doesn't start with & */ if (e[0] != '&') - return 0; + return -1; /* numeric entity */ if (e[1] == '#') return numericentitytostr(e + 2, buf, bufsiz);