diff --git a/Misc/NEWS.d/next/Library/2026-01-31-17-15-49.gh-issue-144363.X9f0sU.rst b/Misc/NEWS.d/next/Library/2026-01-31-17-15-49.gh-issue-144363.X9f0sU.rst
new file mode 100644
index 00000000000000..c17cea6613d06b
--- /dev/null
+++ b/Misc/NEWS.d/next/Library/2026-01-31-17-15-49.gh-issue-144363.X9f0sU.rst
@@ -0,0 +1 @@
+Update bundled `libexpat `_ to 2.7.4
diff --git a/Misc/sbom.spdx.json b/Misc/sbom.spdx.json
index e9554bf78374a6..c79bbd2878271e 100644
--- a/Misc/sbom.spdx.json
+++ b/Misc/sbom.spdx.json
@@ -6,11 +6,11 @@
"checksums": [
{
"algorithm": "SHA1",
- "checksumValue": "39e6f567a10e36b2e77727e98e60bbcb3eb3af0b"
+ "checksumValue": "f1b1126ed7da8f2068302e7a692b0600e6f94b07"
},
{
"algorithm": "SHA256",
- "checksumValue": "122f2c27000472a201d337b9b31f7eb2b52d091b02857061a8880371612d9534"
+ "checksumValue": "31b15de82aa19a845156169a17a5488bf597e561b2c318d159ed583139b25e87"
}
],
"fileName": "Modules/expat/COPYING"
@@ -48,11 +48,11 @@
"checksums": [
{
"algorithm": "SHA1",
- "checksumValue": "a4395dd0589a97aab0904f7a5f5dc5781a086aa2"
+ "checksumValue": "9bd33bd279c0d7ea37b0f2d7e07c7c53b7053507"
},
{
"algorithm": "SHA256",
- "checksumValue": "610b844bbfa3ec955772cc825db4d4db470827d57adcb214ad372d0eaf00e591"
+ "checksumValue": "d20997001462356b5ce3810ebf5256c8205f58462c64f21eb9bf80f8d1822b08"
}
],
"fileName": "Modules/expat/expat.h"
@@ -62,11 +62,11 @@
"checksums": [
{
"algorithm": "SHA1",
- "checksumValue": "c22196e3d8bee88fcdda715623b3b9d2119d2fb3"
+ "checksumValue": "e658ee5d638ab326109282ff09f1541e27fff8c2"
},
{
"algorithm": "SHA256",
- "checksumValue": "f2c2283ba03b057e92beefc7f81ba901ebb6dfc1a45b036c8a7d65808eb77a84"
+ "checksumValue": "dbe0582b8f8a8140aca97009e8760105ceed9e7df01ea9d8b3fe47cebf2e5b2d"
}
],
"fileName": "Modules/expat/expat_external.h"
@@ -90,11 +90,11 @@
"checksums": [
{
"algorithm": "SHA1",
- "checksumValue": "7dce7d98943c5db33ae05e54801dcafb4547b9dd"
+ "checksumValue": "6a4a232233ba1034c3f2b459159d502e9b2d413b"
},
{
"algorithm": "SHA256",
- "checksumValue": "6bfe307d52e7e4c71dbc30d3bd902a4905cdd83bbe4226a7e8dfa8e4c462a157"
+ "checksumValue": "c803935722f0dbdeeede7f040028fb119135e96dfad949479f8a5304b885bdd6"
}
],
"fileName": "Modules/expat/internal.h"
@@ -174,11 +174,11 @@
"checksums": [
{
"algorithm": "SHA1",
- "checksumValue": "4c81a1f04fc653877c63c834145c18f93cd95f3e"
+ "checksumValue": "7d3d7d72aa56c53fb5b9e10c0e74e161381f0255"
},
{
"algorithm": "SHA256",
- "checksumValue": "04a379615f476d55f95ca1853107e20627b48ca4afe8d0fd5981ac77188bf0a6"
+ "checksumValue": "f4f87aa0268d92f2b8f5e663788bfadd2e926477d0b061ed4463c02ad29a3e25"
}
],
"fileName": "Modules/expat/xmlparse.c"
@@ -188,11 +188,11 @@
"checksums": [
{
"algorithm": "SHA1",
- "checksumValue": "ef767128d2dda99436712dcf3465dde5dbaab876"
+ "checksumValue": "c8769fcb93f00272a6e6ca560be633649c817ff7"
},
{
"algorithm": "SHA256",
- "checksumValue": "71fb52aa302cf6f56e41943009965804f49ff2210d9bd15b258f70aaf70db772"
+ "checksumValue": "5b81f0eb0e144b611dbd1bc9e6037075a16bff94f823d57a81eb2a3e4999e91a"
}
],
"fileName": "Modules/expat/xmlrole.c"
@@ -216,11 +216,11 @@
"checksums": [
{
"algorithm": "SHA1",
- "checksumValue": "1e2d35d90a1c269217f83d3bdf3c71cc22cb4c3f"
+ "checksumValue": "63e4766a09e63760c6518670509198f8d638f4ad"
},
{
"algorithm": "SHA256",
- "checksumValue": "98d0fc735041956cc2e7bbbe2fb8f03130859410e0aee5e8015f406a37c02a3c"
+ "checksumValue": "0ad3f915f2748dc91bf4e4b4a50cf40bf2c95769d0eca7e3b293a230d82bb779"
}
],
"fileName": "Modules/expat/xmltok.c"
@@ -272,11 +272,11 @@
"checksums": [
{
"algorithm": "SHA1",
- "checksumValue": "2d82d0a1201f78d478b30d108ff8fc27ee3e2672"
+ "checksumValue": "41b8c8fc275882c76d4210b7d40a18e506b07147"
},
{
"algorithm": "SHA256",
- "checksumValue": "6ce6d03193279078d55280150fe91e7370370b504a6c123a79182f28341f3e90"
+ "checksumValue": "b2188c7e5fa5b33e355cf6cf342dfb8f6e23859f2a6b1ddf79841d7f84f7b196"
}
],
"fileName": "Modules/expat/xmltok_ns.c"
@@ -1730,14 +1730,14 @@
"checksums": [
{
"algorithm": "SHA256",
- "checksumValue": "821ac9710d2c073eaf13e1b1895a9c9aa66c1157a99635c639fbff65cdbdd732"
+ "checksumValue": "461ecc8aa98ab1a68c2db788175665d1a4db640dc05bf0e289b6ea17122144ec"
}
],
- "downloadLocation": "https://github.com/libexpat/libexpat/releases/download/R_2_7_3/expat-2.7.3.tar.gz",
+ "downloadLocation": "https://github.com/libexpat/libexpat/releases/download/R_2_7_4/expat-2.7.4.tar.gz",
"externalRefs": [
{
"referenceCategory": "SECURITY",
- "referenceLocator": "cpe:2.3:a:libexpat_project:libexpat:2.7.3:*:*:*:*:*:*:*",
+ "referenceLocator": "cpe:2.3:a:libexpat_project:libexpat:2.7.4:*:*:*:*:*:*:*",
"referenceType": "cpe23Type"
}
],
@@ -1745,7 +1745,7 @@
"name": "expat",
"originator": "Organization: Expat development team",
"primaryPackagePurpose": "SOURCE",
- "versionInfo": "2.7.3"
+ "versionInfo": "2.7.4"
},
{
"SPDXID": "SPDXRef-PACKAGE-hacl-star",
diff --git a/Modules/expat/COPYING b/Modules/expat/COPYING
index ce9e5939291e45..c6d184a8aae845 100644
--- a/Modules/expat/COPYING
+++ b/Modules/expat/COPYING
@@ -1,5 +1,5 @@
Copyright (c) 1998-2000 Thai Open Source Software Center Ltd and Clark Cooper
-Copyright (c) 2001-2022 Expat maintainers
+Copyright (c) 2001-2025 Expat maintainers
Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the
diff --git a/Modules/expat/expat.h b/Modules/expat/expat.h
index 290dfeb0f6dd6a..6c7c4186927725 100644
--- a/Modules/expat/expat.h
+++ b/Modules/expat/expat.h
@@ -11,7 +11,7 @@
Copyright (c) 2000-2005 Fred L. Drake, Jr.
Copyright (c) 2001-2002 Greg Stein
Copyright (c) 2002-2016 Karl Waclawek
- Copyright (c) 2016-2025 Sebastian Pipping
+ Copyright (c) 2016-2026 Sebastian Pipping
Copyright (c) 2016 Cristian Rodríguez
Copyright (c) 2016 Thomas Beutlich
Copyright (c) 2017 Rhodri James
@@ -1082,7 +1082,7 @@ XML_SetReparseDeferralEnabled(XML_Parser parser, XML_Bool enabled);
*/
# define XML_MAJOR_VERSION 2
# define XML_MINOR_VERSION 7
-# define XML_MICRO_VERSION 3
+# define XML_MICRO_VERSION 4
# ifdef __cplusplus
}
diff --git a/Modules/expat/expat_config.h b/Modules/expat/expat_config.h
index e7d9499d9078d9..09d3161dbc0fb2 100644
--- a/Modules/expat/expat_config.h
+++ b/Modules/expat/expat_config.h
@@ -3,7 +3,7 @@
* distribution.
*/
#ifndef EXPAT_CONFIG_H
-#define EXPAT_CONFIG_H
+#define EXPAT_CONFIG_H 1
#include
#ifdef WORDS_BIGENDIAN
diff --git a/Modules/expat/expat_external.h b/Modules/expat/expat_external.h
index 0f01a05d0e9560..6f3f3c48ce9cff 100644
--- a/Modules/expat/expat_external.h
+++ b/Modules/expat/expat_external.h
@@ -12,7 +12,7 @@
Copyright (c) 2001-2002 Greg Stein
Copyright (c) 2002-2006 Karl Waclawek
Copyright (c) 2016 Cristian Rodríguez
- Copyright (c) 2016-2019 Sebastian Pipping
+ Copyright (c) 2016-2025 Sebastian Pipping
Copyright (c) 2017 Rhodri James
Copyright (c) 2018 Yury Gribov
Licensed under the MIT license:
@@ -91,8 +91,7 @@
# ifndef XML_BUILDING_EXPAT
/* using Expat from an application */
-# if defined(_MSC_EXTENSIONS) && ! defined(__BEOS__) \
- && ! defined(__CYGWIN__)
+# if defined(_MSC_VER) && ! defined(__BEOS__) && ! defined(__CYGWIN__)
# define XMLIMPORT __declspec(dllimport)
# endif
diff --git a/Modules/expat/internal.h b/Modules/expat/internal.h
index 8f5edf48ef7c00..61266ebb7723d1 100644
--- a/Modules/expat/internal.h
+++ b/Modules/expat/internal.h
@@ -128,7 +128,7 @@
# elif ULONG_MAX == 18446744073709551615u // 2^64-1
# define EXPAT_FMT_PTRDIFF_T(midpart) "%" midpart "ld"
# define EXPAT_FMT_SIZE_T(midpart) "%" midpart "lu"
-# elif defined(EMSCRIPTEN) // 32bit mode Emscripten
+# elif defined(__wasm32__) // 32bit mode Emscripten or WASI SDK
# define EXPAT_FMT_PTRDIFF_T(midpart) "%" midpart "ld"
# define EXPAT_FMT_SIZE_T(midpart) "%" midpart "zu"
# else
diff --git a/Modules/expat/refresh.sh b/Modules/expat/refresh.sh
index d1bf5d19afa007..550340467a15a7 100755
--- a/Modules/expat/refresh.sh
+++ b/Modules/expat/refresh.sh
@@ -12,9 +12,9 @@ fi
# Update this when updating to a new version after verifying that the changes
# the update brings in are good. These values are used for verifying the SBOM, too.
-expected_libexpat_tag="R_2_7_3"
-expected_libexpat_version="2.7.3"
-expected_libexpat_sha256="821ac9710d2c073eaf13e1b1895a9c9aa66c1157a99635c639fbff65cdbdd732"
+expected_libexpat_tag="R_2_7_4"
+expected_libexpat_version="2.7.4"
+expected_libexpat_sha256="461ecc8aa98ab1a68c2db788175665d1a4db640dc05bf0e289b6ea17122144ec"
expat_dir="$(realpath "$(dirname -- "${BASH_SOURCE[0]}")")"
cd ${expat_dir}
@@ -24,6 +24,9 @@ curl --location "https://github.com/libexpat/libexpat/releases/download/${expect
echo "${expected_libexpat_sha256} libexpat.tar.gz" | sha256sum --check
# Step 2: Pull files from the libexpat distribution
+
+tar xzvf libexpat.tar.gz "expat-${expected_libexpat_version}/COPYING" --strip-components 2
+
declare -a lib_files
lib_files=(
ascii.h
diff --git a/Modules/expat/xmlparse.c b/Modules/expat/xmlparse.c
index a187a3a18f1994..086fca59112ee1 100644
--- a/Modules/expat/xmlparse.c
+++ b/Modules/expat/xmlparse.c
@@ -1,4 +1,4 @@
-/* 28bcd8b1ba7eb595d82822908257fd9c3589b4243e3c922d0369f35bfcd7b506 (2.7.3+)
+/* fab937ab8b186d7d296013669c332e6dfce2f99567882cff1f8eb24223c524a7 (2.7.4+)
__ __ _
___\ \/ /_ __ __ _| |_
/ _ \\ /| '_ \ / _` | __|
@@ -13,7 +13,7 @@
Copyright (c) 2002-2016 Karl Waclawek
Copyright (c) 2005-2009 Steven Solie
Copyright (c) 2016 Eric Rahm
- Copyright (c) 2016-2025 Sebastian Pipping
+ Copyright (c) 2016-2026 Sebastian Pipping
Copyright (c) 2016 Gaurav
Copyright (c) 2016 Thomas Beutlich
Copyright (c) 2016 Gustavo Grieco
@@ -42,6 +42,9 @@
Copyright (c) 2024-2025 Berkay Eren Ürün
Copyright (c) 2024 Hanno Böck
Copyright (c) 2025 Matthew Fernandez
+ Copyright (c) 2025 Atrem Borovik
+ Copyright (c) 2025 Alfonso Gregory
+ Copyright (c) 2026 Rosen Penev
Licensed under the MIT license:
Permission is hereby granted, free of charge, to any person obtaining
@@ -101,7 +104,7 @@
#include /* INT_MAX, UINT_MAX */
#include /* fprintf */
#include /* getenv, rand_s */
-#include /* uintptr_t */
+#include /* SIZE_MAX, uintptr_t */
#include /* isnan */
#ifdef _WIN32
@@ -134,11 +137,6 @@
# endif /* defined(GRND_NONBLOCK) */
#endif /* defined(HAVE_GETRANDOM) || defined(HAVE_SYSCALL_GETRANDOM) */
-#if defined(HAVE_LIBBSD) \
- && (defined(HAVE_ARC4RANDOM_BUF) || defined(HAVE_ARC4RANDOM))
-# include
-#endif
-
#if defined(_WIN32) && ! defined(LOAD_LIBRARY_SEARCH_SYSTEM32)
# define LOAD_LIBRARY_SEARCH_SYSTEM32 0x00000800
#endif
@@ -155,8 +153,6 @@
* Linux >=3.17 + glibc (including <2.25) (syscall SYS_getrandom): HAVE_SYSCALL_GETRANDOM, \
* BSD / macOS >=10.7 / glibc >=2.36 (arc4random_buf): HAVE_ARC4RANDOM_BUF, \
* BSD / macOS (including <10.7) / glibc >=2.36 (arc4random): HAVE_ARC4RANDOM, \
- * libbsd (arc4random_buf): HAVE_ARC4RANDOM_BUF + HAVE_LIBBSD, \
- * libbsd (arc4random): HAVE_ARC4RANDOM + HAVE_LIBBSD, \
* Linux (including <3.17) / BSD / macOS (including <10.7) / Solaris >=8 (/dev/urandom): XML_DEV_URANDOM, \
* Windows >=Vista (rand_s): _WIN32. \
\
@@ -311,8 +307,11 @@ typedef struct tag {
const char *rawName; /* tagName in the original encoding */
int rawNameLength;
TAG_NAME name; /* tagName in the API encoding */
- char *buf; /* buffer for name components */
- char *bufEnd; /* end of the buffer */
+ union {
+ char *raw; /* for byte-level access (rawName storage) */
+ XML_Char *str; /* for character-level access (converted name) */
+ } buf; /* buffer for name components */
+ char *bufEnd; /* end of the buffer */
BINDING *bindings;
} TAG;
@@ -349,7 +348,7 @@ typedef struct {
typedef struct block {
struct block *next;
int size;
- XML_Char s[1];
+ XML_Char s[];
} BLOCK;
typedef struct {
@@ -1230,8 +1229,11 @@ generate_hash_secret_salt(XML_Parser parser) {
# endif /* ! defined(_WIN32) && defined(XML_DEV_URANDOM) */
/* .. and self-made low quality for backup: */
+ entropy = gather_time_entropy();
+# if ! defined(__wasi__)
/* Process ID is 0 bits entropy if attacker has local access */
- entropy = gather_time_entropy() ^ getpid();
+ entropy ^= getpid();
+# endif
/* Factors are 2^31-1 and 2^61-1 (Mersenne primes M31 and M61) */
if (sizeof(unsigned long) == 4) {
@@ -1754,6 +1756,7 @@ XML_ExternalEntityParserCreate(XML_Parser oldParser, const XML_Char *context,
XML_ExternalEntityRefHandler oldExternalEntityRefHandler;
XML_SkippedEntityHandler oldSkippedEntityHandler;
XML_UnknownEncodingHandler oldUnknownEncodingHandler;
+ void *oldUnknownEncodingHandlerData;
XML_ElementDeclHandler oldElementDeclHandler;
XML_AttlistDeclHandler oldAttlistDeclHandler;
XML_EntityDeclHandler oldEntityDeclHandler;
@@ -1799,6 +1802,7 @@ XML_ExternalEntityParserCreate(XML_Parser oldParser, const XML_Char *context,
oldExternalEntityRefHandler = parser->m_externalEntityRefHandler;
oldSkippedEntityHandler = parser->m_skippedEntityHandler;
oldUnknownEncodingHandler = parser->m_unknownEncodingHandler;
+ oldUnknownEncodingHandlerData = parser->m_unknownEncodingHandlerData;
oldElementDeclHandler = parser->m_elementDeclHandler;
oldAttlistDeclHandler = parser->m_attlistDeclHandler;
oldEntityDeclHandler = parser->m_entityDeclHandler;
@@ -1859,6 +1863,7 @@ XML_ExternalEntityParserCreate(XML_Parser oldParser, const XML_Char *context,
parser->m_externalEntityRefHandler = oldExternalEntityRefHandler;
parser->m_skippedEntityHandler = oldSkippedEntityHandler;
parser->m_unknownEncodingHandler = oldUnknownEncodingHandler;
+ parser->m_unknownEncodingHandlerData = oldUnknownEncodingHandlerData;
parser->m_elementDeclHandler = oldElementDeclHandler;
parser->m_attlistDeclHandler = oldAttlistDeclHandler;
parser->m_entityDeclHandler = oldEntityDeclHandler;
@@ -1934,7 +1939,7 @@ XML_ParserFree(XML_Parser parser) {
}
p = tagList;
tagList = tagList->parent;
- FREE(parser, p->buf);
+ FREE(parser, p->buf.raw);
destroyBindings(p->bindings, parser);
FREE(parser, p);
}
@@ -2599,7 +2604,7 @@ XML_GetBuffer(XML_Parser parser, int len) {
// NOTE: We are avoiding MALLOC(..) here to leave limiting
// the input size to the application using Expat.
newBuf = parser->m_mem.malloc_fcn(bufferSize);
- if (newBuf == 0) {
+ if (newBuf == NULL) {
parser->m_errorCode = XML_ERROR_NO_MEMORY;
return NULL;
}
@@ -3126,7 +3131,7 @@ storeRawNames(XML_Parser parser) {
size_t bufSize;
size_t nameLen = sizeof(XML_Char) * (tag->name.strLen + 1);
size_t rawNameLen;
- char *rawNameBuf = tag->buf + nameLen;
+ char *rawNameBuf = tag->buf.raw + nameLen;
/* Stop if already stored. Since m_tagStack is a stack, we can stop
at the first entry that has already been copied; everything
below it in the stack is already been accounted for in a
@@ -3142,22 +3147,22 @@ storeRawNames(XML_Parser parser) {
if (rawNameLen > (size_t)INT_MAX - nameLen)
return XML_FALSE;
bufSize = nameLen + rawNameLen;
- if (bufSize > (size_t)(tag->bufEnd - tag->buf)) {
- char *temp = REALLOC(parser, tag->buf, bufSize);
+ if (bufSize > (size_t)(tag->bufEnd - tag->buf.raw)) {
+ char *temp = REALLOC(parser, tag->buf.raw, bufSize);
if (temp == NULL)
return XML_FALSE;
- /* if tag->name.str points to tag->buf (only when namespace
+ /* if tag->name.str points to tag->buf.str (only when namespace
processing is off) then we have to update it
*/
- if (tag->name.str == (XML_Char *)tag->buf)
+ if (tag->name.str == tag->buf.str)
tag->name.str = (XML_Char *)temp;
/* if tag->name.localPart is set (when namespace processing is on)
then update it as well, since it will always point into tag->buf
*/
if (tag->name.localPart)
tag->name.localPart
- = (XML_Char *)temp + (tag->name.localPart - (XML_Char *)tag->buf);
- tag->buf = temp;
+ = (XML_Char *)temp + (tag->name.localPart - tag->buf.str);
+ tag->buf.raw = temp;
tag->bufEnd = temp + bufSize;
rawNameBuf = temp + nameLen;
}
@@ -3472,12 +3477,12 @@ doContent(XML_Parser parser, int startTagLevel, const ENCODING *enc,
tag = MALLOC(parser, sizeof(TAG));
if (! tag)
return XML_ERROR_NO_MEMORY;
- tag->buf = MALLOC(parser, INIT_TAG_BUF_SIZE);
- if (! tag->buf) {
+ tag->buf.raw = MALLOC(parser, INIT_TAG_BUF_SIZE);
+ if (! tag->buf.raw) {
FREE(parser, tag);
return XML_ERROR_NO_MEMORY;
}
- tag->bufEnd = tag->buf + INIT_TAG_BUF_SIZE;
+ tag->bufEnd = tag->buf.raw + INIT_TAG_BUF_SIZE;
}
tag->bindings = NULL;
tag->parent = parser->m_tagStack;
@@ -3490,31 +3495,32 @@ doContent(XML_Parser parser, int startTagLevel, const ENCODING *enc,
{
const char *rawNameEnd = tag->rawName + tag->rawNameLength;
const char *fromPtr = tag->rawName;
- toPtr = (XML_Char *)tag->buf;
+ toPtr = tag->buf.str;
for (;;) {
- int bufSize;
int convLen;
const enum XML_Convert_Result convert_res
= XmlConvert(enc, &fromPtr, rawNameEnd, (ICHAR **)&toPtr,
(ICHAR *)tag->bufEnd - 1);
- convLen = (int)(toPtr - (XML_Char *)tag->buf);
+ convLen = (int)(toPtr - tag->buf.str);
if ((fromPtr >= rawNameEnd)
|| (convert_res == XML_CONVERT_INPUT_INCOMPLETE)) {
tag->name.strLen = convLen;
break;
}
- bufSize = (int)(tag->bufEnd - tag->buf) << 1;
+ if (SIZE_MAX / 2 < (size_t)(tag->bufEnd - tag->buf.raw))
+ return XML_ERROR_NO_MEMORY;
+ const size_t bufSize = (size_t)(tag->bufEnd - tag->buf.raw) * 2;
{
- char *temp = REALLOC(parser, tag->buf, bufSize);
+ char *temp = REALLOC(parser, tag->buf.raw, bufSize);
if (temp == NULL)
return XML_ERROR_NO_MEMORY;
- tag->buf = temp;
+ tag->buf.raw = temp;
tag->bufEnd = temp + bufSize;
toPtr = (XML_Char *)temp + convLen;
}
}
}
- tag->name.str = (XML_Char *)tag->buf;
+ tag->name.str = tag->buf.str;
*toPtr = XML_T('\0');
result
= storeAtts(parser, enc, s, &(tag->name), &(tag->bindings), account);
@@ -3878,7 +3884,7 @@ storeAtts(XML_Parser parser, const ENCODING *enc, const char *attStr,
* from -Wtype-limits on platforms where
* sizeof(unsigned int) < sizeof(size_t), e.g. on x86_64. */
#if UINT_MAX >= SIZE_MAX
- if ((unsigned)parser->m_attsSize > (size_t)(-1) / sizeof(ATTRIBUTE)) {
+ if ((unsigned)parser->m_attsSize > SIZE_MAX / sizeof(ATTRIBUTE)) {
parser->m_attsSize = oldAttsSize;
return XML_ERROR_NO_MEMORY;
}
@@ -3897,7 +3903,7 @@ storeAtts(XML_Parser parser, const ENCODING *enc, const char *attStr,
* from -Wtype-limits on platforms where
* sizeof(unsigned int) < sizeof(size_t), e.g. on x86_64. */
# if UINT_MAX >= SIZE_MAX
- if ((unsigned)parser->m_attsSize > (size_t)(-1) / sizeof(XML_AttrInfo)) {
+ if ((unsigned)parser->m_attsSize > SIZE_MAX / sizeof(XML_AttrInfo)) {
parser->m_attsSize = oldAttsSize;
return XML_ERROR_NO_MEMORY;
}
@@ -4073,7 +4079,7 @@ storeAtts(XML_Parser parser, const ENCODING *enc, const char *attStr,
* from -Wtype-limits on platforms where
* sizeof(unsigned int) < sizeof(size_t), e.g. on x86_64. */
#if UINT_MAX >= SIZE_MAX
- if (nsAttsSize > (size_t)(-1) / sizeof(NS_ATT)) {
+ if (nsAttsSize > SIZE_MAX / sizeof(NS_ATT)) {
/* Restore actual size of memory in m_nsAtts */
parser->m_nsAttsPower = oldNsAttsPower;
return XML_ERROR_NO_MEMORY;
@@ -4256,7 +4262,7 @@ storeAtts(XML_Parser parser, const ENCODING *enc, const char *attStr,
* from -Wtype-limits on platforms where
* sizeof(unsigned int) < sizeof(size_t), e.g. on x86_64. */
#if UINT_MAX >= SIZE_MAX
- if ((unsigned)(n + EXPAND_SPARE) > (size_t)(-1) / sizeof(XML_Char)) {
+ if ((unsigned)(n + EXPAND_SPARE) > SIZE_MAX / sizeof(XML_Char)) {
return XML_ERROR_NO_MEMORY;
}
#endif
@@ -4502,7 +4508,7 @@ addBinding(XML_Parser parser, PREFIX *prefix, const ATTRIBUTE_ID *attId,
* from -Wtype-limits on platforms where
* sizeof(unsigned int) < sizeof(size_t), e.g. on x86_64. */
#if UINT_MAX >= SIZE_MAX
- if ((unsigned)(len + EXPAND_SPARE) > (size_t)(-1) / sizeof(XML_Char)) {
+ if ((unsigned)(len + EXPAND_SPARE) > SIZE_MAX / sizeof(XML_Char)) {
return XML_ERROR_NO_MEMORY;
}
#endif
@@ -4529,7 +4535,7 @@ addBinding(XML_Parser parser, PREFIX *prefix, const ATTRIBUTE_ID *attId,
* from -Wtype-limits on platforms where
* sizeof(unsigned int) < sizeof(size_t), e.g. on x86_64. */
#if UINT_MAX >= SIZE_MAX
- if ((unsigned)(len + EXPAND_SPARE) > (size_t)(-1) / sizeof(XML_Char)) {
+ if ((unsigned)(len + EXPAND_SPARE) > SIZE_MAX / sizeof(XML_Char)) {
return XML_ERROR_NO_MEMORY;
}
#endif
@@ -5920,15 +5926,18 @@ doProlog(XML_Parser parser, const ENCODING *enc, const char *s, const char *end,
* from -Wtype-limits on platforms where
* sizeof(unsigned int) < sizeof(size_t), e.g. on x86_64. */
#if UINT_MAX >= SIZE_MAX
- if (parser->m_groupSize > (size_t)(-1) / sizeof(int)) {
+ if (parser->m_groupSize > SIZE_MAX / sizeof(int)) {
+ parser->m_groupSize /= 2;
return XML_ERROR_NO_MEMORY;
}
#endif
int *const new_scaff_index = REALLOC(
parser, dtd->scaffIndex, parser->m_groupSize * sizeof(int));
- if (new_scaff_index == NULL)
+ if (new_scaff_index == NULL) {
+ parser->m_groupSize /= 2;
return XML_ERROR_NO_MEMORY;
+ }
dtd->scaffIndex = new_scaff_index;
}
} else {
@@ -7190,7 +7199,7 @@ defineAttribute(ELEMENT_TYPE *type, ATTRIBUTE_ID *attId, XML_Bool isCdata,
* from -Wtype-limits on platforms where
* sizeof(unsigned int) < sizeof(size_t), e.g. on x86_64. */
#if UINT_MAX >= SIZE_MAX
- if ((unsigned)count > (size_t)(-1) / sizeof(DEFAULT_ATTRIBUTE)) {
+ if ((unsigned)count > SIZE_MAX / sizeof(DEFAULT_ATTRIBUTE)) {
return 0;
}
#endif
@@ -7666,8 +7675,7 @@ dtdCopy(XML_Parser oldParser, DTD *newDtd, const DTD *oldDtd,
* from -Wtype-limits on platforms where
* sizeof(int) < sizeof(size_t), e.g. on x86_64. */
#if UINT_MAX >= SIZE_MAX
- if ((size_t)oldE->nDefaultAtts
- > ((size_t)(-1) / sizeof(DEFAULT_ATTRIBUTE))) {
+ if ((size_t)oldE->nDefaultAtts > SIZE_MAX / sizeof(DEFAULT_ATTRIBUTE)) {
return 0;
}
#endif
@@ -7869,7 +7877,7 @@ lookup(XML_Parser parser, HASH_TABLE *table, KEY name, size_t createSize) {
unsigned long newMask = (unsigned long)newSize - 1;
/* Detect and prevent integer overflow */
- if (newSize > (size_t)(-1) / sizeof(NAMED *)) {
+ if (newSize > SIZE_MAX / sizeof(NAMED *)) {
return NULL;
}
@@ -8105,7 +8113,7 @@ poolBytesToAllocateFor(int blockSize) {
static XML_Bool FASTCALL
poolGrow(STRING_POOL *pool) {
if (pool->freeBlocks) {
- if (pool->start == 0) {
+ if (pool->start == NULL) {
pool->blocks = pool->freeBlocks;
pool->freeBlocks = pool->freeBlocks->next;
pool->blocks->next = NULL;
@@ -8217,7 +8225,7 @@ nextScaffoldPart(XML_Parser parser) {
* from -Wtype-limits on platforms where
* sizeof(unsigned int) < sizeof(size_t), e.g. on x86_64. */
#if UINT_MAX >= SIZE_MAX
- if (parser->m_groupSize > ((size_t)(-1) / sizeof(int))) {
+ if (parser->m_groupSize > SIZE_MAX / sizeof(int)) {
return -1;
}
#endif
@@ -8244,7 +8252,7 @@ nextScaffoldPart(XML_Parser parser) {
* from -Wtype-limits on platforms where
* sizeof(unsigned int) < sizeof(size_t), e.g. on x86_64. */
#if UINT_MAX >= SIZE_MAX
- if (dtd->scaffSize > (size_t)(-1) / 2u / sizeof(CONTENT_SCAFFOLD)) {
+ if (dtd->scaffSize > SIZE_MAX / 2u / sizeof(CONTENT_SCAFFOLD)) {
return -1;
}
#endif
@@ -8294,15 +8302,15 @@ build_model(XML_Parser parser) {
* from -Wtype-limits on platforms where
* sizeof(unsigned int) < sizeof(size_t), e.g. on x86_64. */
#if UINT_MAX >= SIZE_MAX
- if (dtd->scaffCount > (size_t)(-1) / sizeof(XML_Content)) {
+ if (dtd->scaffCount > SIZE_MAX / sizeof(XML_Content)) {
return NULL;
}
- if (dtd->contentStringLen > (size_t)(-1) / sizeof(XML_Char)) {
+ if (dtd->contentStringLen > SIZE_MAX / sizeof(XML_Char)) {
return NULL;
}
#endif
if (dtd->scaffCount * sizeof(XML_Content)
- > (size_t)(-1) - dtd->contentStringLen * sizeof(XML_Char)) {
+ > SIZE_MAX - dtd->contentStringLen * sizeof(XML_Char)) {
return NULL;
}
diff --git a/Modules/expat/xmlrole.c b/Modules/expat/xmlrole.c
index 2c48bf40867953..d56bee82dd2d13 100644
--- a/Modules/expat/xmlrole.c
+++ b/Modules/expat/xmlrole.c
@@ -16,6 +16,7 @@
Copyright (c) 2017 Rhodri James
Copyright (c) 2019 David Loffredo
Copyright (c) 2021 Donghee Na
+ Copyright (c) 2025 Alfonso Gregory
Licensed under the MIT license:
Permission is hereby granted, free of charge, to any person obtaining
@@ -46,7 +47,6 @@
# include "winconfig.h"
#endif
-#include "expat_external.h"
#include "internal.h"
#include "xmlrole.h"
#include "ascii.h"
diff --git a/Modules/expat/xmltok.c b/Modules/expat/xmltok.c
index 95d5e84b67f11c..32cd5f147e9322 100644
--- a/Modules/expat/xmltok.c
+++ b/Modules/expat/xmltok.c
@@ -24,6 +24,7 @@
Copyright (c) 2022 Martin Ettl
Copyright (c) 2022 Sean McBride
Copyright (c) 2023 Hanno Böck
+ Copyright (c) 2025 Alfonso Gregory
Licensed under the MIT license:
Permission is hereby granted, free of charge, to any person obtaining
@@ -56,7 +57,6 @@
# include "winconfig.h"
#endif
-#include "expat_external.h"
#include "internal.h"
#include "xmltok.h"
#include "nametab.h"
diff --git a/Modules/expat/xmltok_ns.c b/Modules/expat/xmltok_ns.c
index fbdd3e3c7b7999..810ca2c6d0485e 100644
--- a/Modules/expat/xmltok_ns.c
+++ b/Modules/expat/xmltok_ns.c
@@ -12,6 +12,7 @@
Copyright (c) 2002 Fred L. Drake, Jr.
Copyright (c) 2002-2006 Karl Waclawek
Copyright (c) 2017-2021 Sebastian Pipping
+ Copyright (c) 2025 Alfonso Gregory
Licensed under the MIT license:
Permission is hereby granted, free of charge, to any person obtaining
@@ -98,13 +99,13 @@ NS(findEncoding)(const ENCODING *enc, const char *ptr, const char *end) {
int i;
XmlUtf8Convert(enc, &ptr, end, &p, p + ENCODING_MAX - 1);
if (ptr != end)
- return 0;
+ return NULL;
*p = 0;
if (streqci(buf, KW_UTF_16) && enc->minBytesPerChar == 2)
return enc;
i = getEncodingIndex(buf);
if (i == UNKNOWN_ENC)
- return 0;
+ return NULL;
return NS(encodings)[i];
}