File expat-CVE-2026-25210.patch of Package expat.42557

From 7ddea353ad3795f7222441274d4d9a155b523cba Mon Sep 17 00:00:00 2001
From: Matthew Fernandez <matthew.fernandez@gmail.com>
Date: Thu, 2 Oct 2025 17:15:15 -0700
Subject: [PATCH 1/3] lib: Make a doubling more readable

Suggested-by: Sebastian Pipping <sebastian@pipping.org>
---
 lib/xmlparse.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Index: expat-2.7.1/lib/xmlparse.c
===================================================================
--- expat-2.7.1.orig/lib/xmlparse.c
+++ expat-2.7.1/lib/xmlparse.c
@@ -3484,7 +3484,6 @@ doContent(XML_Parser parser, int startTa
         const char *fromPtr = tag->rawName;
         toPtr = (XML_Char *)tag->buf;
         for (;;) {
-          int bufSize;
           int convLen;
           const enum XML_Convert_Result convert_res
               = XmlConvert(enc, &fromPtr, rawNameEnd, (ICHAR **)&toPtr,
@@ -3495,7 +3494,9 @@ doContent(XML_Parser parser, int startTa
             tag->name.strLen = convLen;
             break;
           }
-          bufSize = (int)(tag->bufEnd - tag->buf) << 1;
+          if (SIZE_MAX / 2 < (size_t)(tag->bufEnd - tag->buf))
+            return XML_ERROR_NO_MEMORY;
+          const size_t bufSize = (size_t)(tag->bufEnd - tag->buf) * 2;
           {
             char *temp = REALLOC(parser, tag->buf, bufSize);
             if (temp == NULL)