Make DocPrinter support DynArrays larger than 2G

If the DynArray within an XMLPrinter object carries 2 gigabytes of data or more, XMLPrinter::CStrSize returns a truncated result. If a program casts this back to size_t without thought, sign extension leads to bad things(tm). ```c++ int main() { tinyxml2::XMLDocument doc; doc.InsertEndChild(doc.NewDeclaration()); auto root = doc.NewElement("root"); size_t sz = 0x80000002; auto blank = new char[sz]; memset(blank, ' ', sz); blank[sz-1]='\0'; root->SetText(blank); doc.InsertEndChild(root); tinyxml2::XMLPrinter printer(nullptr); doc.Print(&printer); std::string_view sv{printer.CStr(), static_cast<size_t>(printer.CStrSize())}; // sv.size() is way too big, causing overflows on access std::string dup(sv); // boom } ``` Fixes: 2.0.2-873-geb3ab0d
leethomason · Aug 14, 2024 · 04bbc06 · 04bbc06
1 parent 8a519a5
commit 04bbc06
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/tinyxml2.h b/tinyxml2.h
@@ -2314,7 +2314,7 @@ class TINYXML2_LIB XMLPrinter : public XMLVisitor
  of the XML file in memory. (Note the size returned
  includes the terminating null.)
  */
- int CStrSize() const {
+ size_t CStrSize() const {
  return _buffer.Size();
  }
  /**