GNOME Bugzilla – Bug 675412
xmlMemUsed() overflow due to downcast to int
Last modified: 2021-07-05 13:22:34 UTC
The memory debug helper stores the size of allocated blocks in a static variable when libxml2 is compiled with --with-mem-debug. The static vars are defined in xmlmemory.c as

    static unsigned long debugMemSize = 0;
    static unsigned long debugMemBlocks = 0;
    static unsigned long debugMaxMemSize = 0;

However, the functions to retrieve the values return an int, thus leading to an overflow when lots of memory is allocated:

    int
    xmlMemUsed(void) {
        return(debugMemSize);
    }

Also, unsigned long isn't a wise choice, since Windows always defines long as a 32-bit type, even on the AMD64 platform. This may lead to another overflow. size_t should be better.

Recommended fix:

* use size_t instead of unsigned long
* either redefine the return type of xmlMemUsed() and xmlMemBlocks() or add two new methods like xmlMemUsedL() to return size_t.

While you are at it, a method xmlMemMaxUsed() wouldn't hurt, either.

I can provide a patch if you concur with my analysis.
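Added illustration of the defect described above (not code from the report or from libxml2): a constructed stand-in for the mem-debug counters shows how the int-returning accessor misreports a total that no longer fits in an int, next to size_t accessors in the spirit of the suggested xmlMemUsedL() / xmlMemMaxUsed(). The debug_record_* helpers, xmlMemBlocksL() and the saturating xmlMemUsed_clamped() are hypothetical names introduced here.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-in for the --with-mem-debug counters in xmlmemory.c:
 * same variable names, but declared size_t as the report recommends. */
static size_t debugMemSize = 0;    /* bytes currently allocated */
static size_t debugMemBlocks = 0;  /* blocks currently allocated */
static size_t debugMaxMemSize = 0; /* high-water mark */

/* Bookkeeping only (hypothetical helpers): account for an allocation or a
 * free without touching the heap, so a multi-GiB total is cheap to reproduce. */
void debug_record_alloc(size_t size) {
    debugMemSize += size;
    debugMemBlocks++;
    if (debugMemSize > debugMaxMemSize) debugMaxMemSize = debugMemSize;
}
void debug_record_free(size_t size) { debugMemSize -= size; debugMemBlocks--; }
void debug_reset(void) { debugMemSize = debugMemBlocks = debugMaxMemSize = 0; }

/* The accessor as the report describes it: the counter is narrowed to int
 * (implicitly in libxml2, cast written out here), so any total above
 * INT_MAX comes back wrapped, typically as a negative number. */
int xmlMemUsed_legacy(void) { return (int)debugMemSize; }

/* Recommended fix: full-width accessors. xmlMemUsedL()/xmlMemMaxUsed() are
 * the names proposed in the report; xmlMemBlocksL() is a hypothetical sibling. */
size_t xmlMemUsedL(void) { return debugMemSize; }
size_t xmlMemBlocksL(void) { return debugMemBlocks; }
size_t xmlMemMaxUsed(void) { return debugMaxMemSize; }

/* Hypothetical compatibility shim for callers stuck with the int API:
 * saturate instead of wrapping, so an out-of-range total is never
 * reported as small or negative. */
int xmlMemUsed_clamped(void) {
    return debugMemSize > (size_t)INT_MAX ? INT_MAX : (int)debugMemSize;
}

/* 1 when the legacy int result has lost information: it went negative, or
 * widening it back no longer reproduces the real counter. */
int legacy_result_is_truncated(void) {
    int legacy = xmlMemUsed_legacy();
    return legacy < 0 || (size_t)legacy != debugMemSize;
}

int main(void) {
    debug_record_alloc((size_t)3 * 1024 * 1024 * 1024); /* one 3 GiB block */
    printf("real: %zu bytes, legacy int: %d, clamped: %d\n",
           xmlMemUsedL(), xmlMemUsed_legacy(), xmlMemUsed_clamped());
    return 0;
}
```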
GNOME is going to shut down bugzilla.gnome.org in favor of gitlab.gnome.org. As part of that, we are mass-closing older open tickets in bugzilla.gnome.org which have not seen updates for a longer time (resources are unfortunately quite limited, so not every ticket can get handled). If you can still reproduce the situation described in this ticket in a recent and supported software version, then please follow https://wiki.gnome.org/GettingInTouch/BugReportingGuidelines and create a new ticket at https://gitlab.gnome.org/GNOME/libxml2/-/issues/. Thank you for your understanding and your help.