head 1.2; access; symbols pkgsrc-2016Q1:1.1.0.2; locks; strict; comment @# @; 1.2 date 2016.06.22.15.39.09; author drochner; state dead; branches; next 1.1; commitid tM7iRE08pmw3Atbz; 1.1 date 2016.05.17.19.15.01; author drochner; state Exp; branches 1.1.2.1; next ; commitid WLDPkHM3kKUJTR6z; 1.1.2.1 date 2016.05.17.19.15.01; author bsiegert; state dead; branches; next 1.1.2.2; commitid aEoftv3KBty5On7z; 1.1.2.2 date 2016.05.21.19.13.45; author bsiegert; state Exp; branches; next ; commitid aEoftv3KBty5On7z; desc @@ 1.2 log @update to 2.2.0 changes: -security patches which we already had in pkgsrc are integrated -Use more entropy for hash initialization than the original fix to CVE-2012-0876 -Resolve troublesome internal call to srand that was introduced with Expat 2.1.0 when addressing CVE-2012-0876 @ text @$NetBSD: patch-CVE-2016-0718-4,v 1.1 2016/05/17 19:15:01 drochner Exp $ --- lib/xmltok_impl.c.orig 2016-03-12 03:21:09.000000000 +0000 +++ lib/xmltok_impl.c @@@@ -93,13 +93,13 @@@@ static int PTRCALL PREFIX(scanComment)(const ENCODING *enc, const char *ptr, const char *end, const char **nextTokPtr) { - if (ptr != end) { + if (ptr < end) { if (!CHAR_MATCHES(enc, ptr, ASCII_MINUS)) { *nextTokPtr = ptr; return XML_TOK_INVALID; } ptr += MINBPC(enc); - while (ptr != end) { + while (ptr < end) { switch (BYTE_TYPE(enc, ptr)) { INVALID_CASES(ptr, nextTokPtr) case BT_MINUS: @@@@ -147,7 +147,7 @@@@ PREFIX(scanDecl)(const ENCODING *enc, co *nextTokPtr = ptr; return XML_TOK_INVALID; } - while (ptr != end) { + while (ptr < end) { switch (BYTE_TYPE(enc, ptr)) { case BT_PERCNT: if (ptr + MINBPC(enc) == end) @@@@ -233,7 +233,7 @@@@ PREFIX(scanPi)(const ENCODING *enc, cons *nextTokPtr = ptr; return XML_TOK_INVALID; } - while (ptr != end) { + while (ptr < end) { switch (BYTE_TYPE(enc, ptr)) { CHECK_NAME_CASES(enc, ptr, end, nextTokPtr) case BT_S: case BT_CR: case BT_LF: @@@@ -242,7 +242,7 @@@@ PREFIX(scanPi)(const ENCODING *enc, cons return XML_TOK_INVALID; } ptr += MINBPC(enc); - while (ptr != end) { + while (ptr < end) { switch (BYTE_TYPE(enc, ptr)) { INVALID_CASES(ptr, nextTokPtr) case BT_QUEST: @@@@ -305,7 +305,7 @@@@ static int PTRCALL PREFIX(cdataSectionTok)(const ENCODING *enc, const char *ptr, const char *end, const char **nextTokPtr) { - if (ptr == end) + if (ptr >= end) return XML_TOK_NONE; if (MINBPC(enc) > 1) { size_t n = end - ptr; @@@@ -348,7 +348,7 @@@@ PREFIX(cdataSectionTok)(const ENCODING * ptr += MINBPC(enc); break; } - while (ptr != end) { + while (ptr < end) { switch (BYTE_TYPE(enc, ptr)) { #define LEAD_CASE(n) \ case BT_LEAD ## n: \ @@@@ -391,11 +391,11 @@@@ PREFIX(scanEndTag)(const ENCODING *enc, *nextTokPtr = ptr; return XML_TOK_INVALID; } - while (ptr != end) { + while (ptr < end) { switch (BYTE_TYPE(enc, ptr)) { CHECK_NAME_CASES(enc, ptr, end, nextTokPtr) case BT_S: case BT_CR: case BT_LF: - for (ptr += MINBPC(enc); ptr != end; ptr += MINBPC(enc)) { + for (ptr += MINBPC(enc); ptr < end; ptr += MINBPC(enc)) { switch (BYTE_TYPE(enc, ptr)) { case BT_S: case BT_CR: case BT_LF: break; @@@@ -432,7 +432,7 @@@@ static int PTRCALL PREFIX(scanHexCharRef)(const ENCODING *enc, const char *ptr, const char *end, const char **nextTokPtr) { - if (ptr != end) { + if (ptr < end) { switch (BYTE_TYPE(enc, ptr)) { case BT_DIGIT: case BT_HEX: @@@@ -441,7 +441,7 @@@@ PREFIX(scanHexCharRef)(const ENCODING *e *nextTokPtr = ptr; return XML_TOK_INVALID; } - for (ptr += MINBPC(enc); ptr != end; ptr += MINBPC(enc)) { + for (ptr += MINBPC(enc); ptr < end; ptr += MINBPC(enc)) { switch (BYTE_TYPE(enc, ptr)) { case BT_DIGIT: case BT_HEX: @@@@ -464,7 +464,7 @@@@ static int PTRCALL PREFIX(scanCharRef)(const ENCODING *enc, const char *ptr, const char *end, const char **nextTokPtr) { - if (ptr != end) { + if (ptr < end) { if (CHAR_MATCHES(enc, ptr, ASCII_x)) return PREFIX(scanHexCharRef)(enc, ptr + MINBPC(enc), end, nextTokPtr); switch (BYTE_TYPE(enc, ptr)) { @@@@ -474,7 +474,7 @@@@ PREFIX(scanCharRef)(const ENCODING *enc, *nextTokPtr = ptr; return XML_TOK_INVALID; } - for (ptr += MINBPC(enc); ptr != end; ptr += MINBPC(enc)) { + for (ptr += MINBPC(enc); ptr < end; ptr += MINBPC(enc)) { switch (BYTE_TYPE(enc, ptr)) { case BT_DIGIT: break; @@@@ -506,7 +506,7 @@@@ PREFIX(scanRef)(const ENCODING *enc, con *nextTokPtr = ptr; return XML_TOK_INVALID; } - while (ptr != end) { + while (ptr < end) { switch (BYTE_TYPE(enc, ptr)) { CHECK_NAME_CASES(enc, ptr, end, nextTokPtr) case BT_SEMI: @@@@ -529,7 +529,7 @@@@ PREFIX(scanAtts)(const ENCODING *enc, co #ifdef XML_NS int hadColon = 0; #endif - while (ptr != end) { + while (ptr < end) { switch (BYTE_TYPE(enc, ptr)) { CHECK_NAME_CASES(enc, ptr, end, nextTokPtr) #ifdef XML_NS @@@@ -716,7 +716,7 @@@@ PREFIX(scanLt)(const ENCODING *enc, cons hadColon = 0; #endif /* we have a start-tag */ - while (ptr != end) { + while (ptr < end) { switch (BYTE_TYPE(enc, ptr)) { CHECK_NAME_CASES(enc, ptr, end, nextTokPtr) #ifdef XML_NS @@@@ -740,7 +740,7 @@@@ PREFIX(scanLt)(const ENCODING *enc, cons case BT_S: case BT_CR: case BT_LF: { ptr += MINBPC(enc); - while (ptr != end) { + while (ptr < end) { switch (BYTE_TYPE(enc, ptr)) { CHECK_NMSTRT_CASES(enc, ptr, end, nextTokPtr) case BT_GT: @@@@ -785,7 +785,7 @@@@ static int PTRCALL PREFIX(contentTok)(const ENCODING *enc, const char *ptr, const char *end, const char **nextTokPtr) { - if (ptr == end) + if (ptr >= end) return XML_TOK_NONE; if (MINBPC(enc) > 1) { size_t n = end - ptr; @@@@ -832,7 +832,7 @@@@ PREFIX(contentTok)(const ENCODING *enc, ptr += MINBPC(enc); break; } - while (ptr != end) { + while (ptr < end) { switch (BYTE_TYPE(enc, ptr)) { #define LEAD_CASE(n) \ case BT_LEAD ## n: \ @@@@ -895,7 +895,7 @@@@ PREFIX(scanPercent)(const ENCODING *enc, *nextTokPtr = ptr; return XML_TOK_INVALID; } - while (ptr != end) { + while (ptr < end) { switch (BYTE_TYPE(enc, ptr)) { CHECK_NAME_CASES(enc, ptr, end, nextTokPtr) case BT_SEMI: @@@@ -921,7 +921,7 @@@@ PREFIX(scanPoundName)(const ENCODING *en *nextTokPtr = ptr; return XML_TOK_INVALID; } - while (ptr != end) { + while (ptr < end) { switch (BYTE_TYPE(enc, ptr)) { CHECK_NAME_CASES(enc, ptr, end, nextTokPtr) case BT_CR: case BT_LF: case BT_S: @@@@ -941,7 +941,7 @@@@ PREFIX(scanLit)(int open, const ENCODING const char *ptr, const char *end, const char **nextTokPtr) { - while (ptr != end) { + while (ptr < end) { int t = BYTE_TYPE(enc, ptr); switch (t) { INVALID_CASES(ptr, nextTokPtr) @@@@ -973,7 +973,7 @@@@ PREFIX(prologTok)(const ENCODING *enc, c const char **nextTokPtr) { int tok; - if (ptr == end) + if (ptr >= end) return XML_TOK_NONE; if (MINBPC(enc) > 1) { size_t n = end - ptr; @@@@ -1141,7 +1141,7 @@@@ PREFIX(prologTok)(const ENCODING *enc, c *nextTokPtr = ptr; return XML_TOK_INVALID; } - while (ptr != end) { + while (ptr < end) { switch (BYTE_TYPE(enc, ptr)) { CHECK_NAME_CASES(enc, ptr, end, nextTokPtr) case BT_GT: case BT_RPAR: case BT_COMMA: @@@@ -1204,10 +1204,10 @@@@ PREFIX(attributeValueTok)(const ENCODING const char *end, const char **nextTokPtr) { const char *start; - if (ptr == end) + if (ptr >= end) return XML_TOK_NONE; start = ptr; - while (ptr != end) { + while (ptr < end) { switch (BYTE_TYPE(enc, ptr)) { #define LEAD_CASE(n) \ case BT_LEAD ## n: ptr += n; break; @@@@ -1262,10 +1262,10 @@@@ PREFIX(entityValueTok)(const ENCODING *e const char *end, const char **nextTokPtr) { const char *start; - if (ptr == end) + if (ptr >= end) return XML_TOK_NONE; start = ptr; - while (ptr != end) { + while (ptr < end) { switch (BYTE_TYPE(enc, ptr)) { #define LEAD_CASE(n) \ case BT_LEAD ## n: ptr += n; break; @@@@ -1326,7 +1326,7 @@@@ PREFIX(ignoreSectionTok)(const ENCODING end = ptr + n; } } - while (ptr != end) { + while (ptr < end) { switch (BYTE_TYPE(enc, ptr)) { INVALID_CASES(ptr, nextTokPtr) case BT_LT: @@@@ -1373,7 +1373,7 @@@@ PREFIX(isPublicId)(const ENCODING *enc, { ptr += MINBPC(enc); end -= MINBPC(enc); - for (; ptr != end; ptr += MINBPC(enc)) { + for (; ptr < end; ptr += MINBPC(enc)) { switch (BYTE_TYPE(enc, ptr)) { case BT_DIGIT: case BT_HEX: @@@@ -1760,7 +1760,7 @@@@ PREFIX(updatePosition)(const ENCODING *e case BT_CR: pos->lineNumber++; ptr += MINBPC(enc); - if (ptr != end && BYTE_TYPE(enc, ptr) == BT_LF) + if (ptr < end && BYTE_TYPE(enc, ptr) == BT_LF) ptr += MINBPC(enc); pos->columnNumber = (XML_Size)-1; break; @ 1.1 log @add patches from upstream to fix possible crashes and memory corruption on malformed input (CVE-2016-0718) Description: The Expat XML parser mishandles certain kinds of malformed input documents, resulting in buffer overflows during processing and error reporting. The overflows can manifest as a segmentation fault or as memory corruption during a parse operation. The bugs allow for a denial of service attack in many applications by an unauthenticated attacker, and could conceivably result in remote code execution. bump PKGREV also add an improvement to the fix for CVE-2015-1283 which was part of the 2.1.1 release -- don't rely on defined behaviour on overflows of signed integer operations, from upstream git: https://sourceforge.net/p/expat/code_git/ci/f0bec73b018caa07d3e75ec8dd967f3785d71bde/ pkgsrc change: add a hint how to run the pkg's selftest (not enabled permanently because this would add a dependency on C++) @ text @d1 1 a1 1 $NetBSD$ @ 1.1.2.1 log @file patch-CVE-2016-0718-4 was added on branch pkgsrc-2016Q1 on 2016-05-21 19:13:45 +0000 @ text @d1 267 @ 1.1.2.2 log @Pullup ticket #5026 - requested by drochner textproc/expat: security fix Revisions pulled up: - textproc/expat/Makefile 1.32 - textproc/expat/distinfo 1.25 - textproc/expat/patches/patch-CVE-2016-0718-1 1.1 - textproc/expat/patches/patch-CVE-2016-0718-2 1.1 - textproc/expat/patches/patch-CVE-2016-0718-3 1.1 - textproc/expat/patches/patch-CVE-2016-0718-4 1.1 --- Module Name: pkgsrc Committed By: drochner Date: Tue May 17 19:15:01 UTC 2016 Modified Files: pkgsrc/textproc/expat: Makefile distinfo Added Files: pkgsrc/textproc/expat/patches: patch-CVE-2016-0718-1 patch-CVE-2016-0718-2 patch-CVE-2016-0718-3 patch-CVE-2016-0718-4 Log Message: add patches from upstream to fix possible crashes and memory corruption on malformed input (CVE-2016-0718) Description: The Expat XML parser mishandles certain kinds of malformed input documents, resulting in buffer overflows during processing and error reporting. The overflows can manifest as a segmentation fault or as memory corruption during a parse operation. The bugs allow for a denial of service attack in many applications by an unauthenticated attacker, and could conceivably result in remote code execution. bump PKGREV also add an improvement to the fix for CVE-2015-1283 which was part of the 2.1.1 release -- don't rely on defined behaviour on overflows of signed integer operations, from upstream git: https://sourceforge.net/p/expat/code_git/ci/f0bec73b018caa07d3e75ec8dd967f3785d71bde/ pkgsrc change: add a hint how to run the pkg's selftest (not enabled permanently because this would add a dependency on C++) @ text @a0 267 $NetBSD$ --- lib/xmltok_impl.c.orig 2016-03-12 03:21:09.000000000 +0000 +++ lib/xmltok_impl.c @@@@ -93,13 +93,13 @@@@ static int PTRCALL PREFIX(scanComment)(const ENCODING *enc, const char *ptr, const char *end, const char **nextTokPtr) { - if (ptr != end) { + if (ptr < end) { if (!CHAR_MATCHES(enc, ptr, ASCII_MINUS)) { *nextTokPtr = ptr; return XML_TOK_INVALID; } ptr += MINBPC(enc); - while (ptr != end) { + while (ptr < end) { switch (BYTE_TYPE(enc, ptr)) { INVALID_CASES(ptr, nextTokPtr) case BT_MINUS: @@@@ -147,7 +147,7 @@@@ PREFIX(scanDecl)(const ENCODING *enc, co *nextTokPtr = ptr; return XML_TOK_INVALID; } - while (ptr != end) { + while (ptr < end) { switch (BYTE_TYPE(enc, ptr)) { case BT_PERCNT: if (ptr + MINBPC(enc) == end) @@@@ -233,7 +233,7 @@@@ PREFIX(scanPi)(const ENCODING *enc, cons *nextTokPtr = ptr; return XML_TOK_INVALID; } - while (ptr != end) { + while (ptr < end) { switch (BYTE_TYPE(enc, ptr)) { CHECK_NAME_CASES(enc, ptr, end, nextTokPtr) case BT_S: case BT_CR: case BT_LF: @@@@ -242,7 +242,7 @@@@ PREFIX(scanPi)(const ENCODING *enc, cons return XML_TOK_INVALID; } ptr += MINBPC(enc); - while (ptr != end) { + while (ptr < end) { switch (BYTE_TYPE(enc, ptr)) { INVALID_CASES(ptr, nextTokPtr) case BT_QUEST: @@@@ -305,7 +305,7 @@@@ static int PTRCALL PREFIX(cdataSectionTok)(const ENCODING *enc, const char *ptr, const char *end, const char **nextTokPtr) { - if (ptr == end) + if (ptr >= end) return XML_TOK_NONE; if (MINBPC(enc) > 1) { size_t n = end - ptr; @@@@ -348,7 +348,7 @@@@ PREFIX(cdataSectionTok)(const ENCODING * ptr += MINBPC(enc); break; } - while (ptr != end) { + while (ptr < end) { switch (BYTE_TYPE(enc, ptr)) { #define LEAD_CASE(n) \ case BT_LEAD ## n: \ @@@@ -391,11 +391,11 @@@@ PREFIX(scanEndTag)(const ENCODING *enc, *nextTokPtr = ptr; return XML_TOK_INVALID; } - while (ptr != end) { + while (ptr < end) { switch (BYTE_TYPE(enc, ptr)) { CHECK_NAME_CASES(enc, ptr, end, nextTokPtr) case BT_S: case BT_CR: case BT_LF: - for (ptr += MINBPC(enc); ptr != end; ptr += MINBPC(enc)) { + for (ptr += MINBPC(enc); ptr < end; ptr += MINBPC(enc)) { switch (BYTE_TYPE(enc, ptr)) { case BT_S: case BT_CR: case BT_LF: break; @@@@ -432,7 +432,7 @@@@ static int PTRCALL PREFIX(scanHexCharRef)(const ENCODING *enc, const char *ptr, const char *end, const char **nextTokPtr) { - if (ptr != end) { + if (ptr < end) { switch (BYTE_TYPE(enc, ptr)) { case BT_DIGIT: case BT_HEX: @@@@ -441,7 +441,7 @@@@ PREFIX(scanHexCharRef)(const ENCODING *e *nextTokPtr = ptr; return XML_TOK_INVALID; } - for (ptr += MINBPC(enc); ptr != end; ptr += MINBPC(enc)) { + for (ptr += MINBPC(enc); ptr < end; ptr += MINBPC(enc)) { switch (BYTE_TYPE(enc, ptr)) { case BT_DIGIT: case BT_HEX: @@@@ -464,7 +464,7 @@@@ static int PTRCALL PREFIX(scanCharRef)(const ENCODING *enc, const char *ptr, const char *end, const char **nextTokPtr) { - if (ptr != end) { + if (ptr < end) { if (CHAR_MATCHES(enc, ptr, ASCII_x)) return PREFIX(scanHexCharRef)(enc, ptr + MINBPC(enc), end, nextTokPtr); switch (BYTE_TYPE(enc, ptr)) { @@@@ -474,7 +474,7 @@@@ PREFIX(scanCharRef)(const ENCODING *enc, *nextTokPtr = ptr; return XML_TOK_INVALID; } - for (ptr += MINBPC(enc); ptr != end; ptr += MINBPC(enc)) { + for (ptr += MINBPC(enc); ptr < end; ptr += MINBPC(enc)) { switch (BYTE_TYPE(enc, ptr)) { case BT_DIGIT: break; @@@@ -506,7 +506,7 @@@@ PREFIX(scanRef)(const ENCODING *enc, con *nextTokPtr = ptr; return XML_TOK_INVALID; } - while (ptr != end) { + while (ptr < end) { switch (BYTE_TYPE(enc, ptr)) { CHECK_NAME_CASES(enc, ptr, end, nextTokPtr) case BT_SEMI: @@@@ -529,7 +529,7 @@@@ PREFIX(scanAtts)(const ENCODING *enc, co #ifdef XML_NS int hadColon = 0; #endif - while (ptr != end) { + while (ptr < end) { switch (BYTE_TYPE(enc, ptr)) { CHECK_NAME_CASES(enc, ptr, end, nextTokPtr) #ifdef XML_NS @@@@ -716,7 +716,7 @@@@ PREFIX(scanLt)(const ENCODING *enc, cons hadColon = 0; #endif /* we have a start-tag */ - while (ptr != end) { + while (ptr < end) { switch (BYTE_TYPE(enc, ptr)) { CHECK_NAME_CASES(enc, ptr, end, nextTokPtr) #ifdef XML_NS @@@@ -740,7 +740,7 @@@@ PREFIX(scanLt)(const ENCODING *enc, cons case BT_S: case BT_CR: case BT_LF: { ptr += MINBPC(enc); - while (ptr != end) { + while (ptr < end) { switch (BYTE_TYPE(enc, ptr)) { CHECK_NMSTRT_CASES(enc, ptr, end, nextTokPtr) case BT_GT: @@@@ -785,7 +785,7 @@@@ static int PTRCALL PREFIX(contentTok)(const ENCODING *enc, const char *ptr, const char *end, const char **nextTokPtr) { - if (ptr == end) + if (ptr >= end) return XML_TOK_NONE; if (MINBPC(enc) > 1) { size_t n = end - ptr; @@@@ -832,7 +832,7 @@@@ PREFIX(contentTok)(const ENCODING *enc, ptr += MINBPC(enc); break; } - while (ptr != end) { + while (ptr < end) { switch (BYTE_TYPE(enc, ptr)) { #define LEAD_CASE(n) \ case BT_LEAD ## n: \ @@@@ -895,7 +895,7 @@@@ PREFIX(scanPercent)(const ENCODING *enc, *nextTokPtr = ptr; return XML_TOK_INVALID; } - while (ptr != end) { + while (ptr < end) { switch (BYTE_TYPE(enc, ptr)) { CHECK_NAME_CASES(enc, ptr, end, nextTokPtr) case BT_SEMI: @@@@ -921,7 +921,7 @@@@ PREFIX(scanPoundName)(const ENCODING *en *nextTokPtr = ptr; return XML_TOK_INVALID; } - while (ptr != end) { + while (ptr < end) { switch (BYTE_TYPE(enc, ptr)) { CHECK_NAME_CASES(enc, ptr, end, nextTokPtr) case BT_CR: case BT_LF: case BT_S: @@@@ -941,7 +941,7 @@@@ PREFIX(scanLit)(int open, const ENCODING const char *ptr, const char *end, const char **nextTokPtr) { - while (ptr != end) { + while (ptr < end) { int t = BYTE_TYPE(enc, ptr); switch (t) { INVALID_CASES(ptr, nextTokPtr) @@@@ -973,7 +973,7 @@@@ PREFIX(prologTok)(const ENCODING *enc, c const char **nextTokPtr) { int tok; - if (ptr == end) + if (ptr >= end) return XML_TOK_NONE; if (MINBPC(enc) > 1) { size_t n = end - ptr; @@@@ -1141,7 +1141,7 @@@@ PREFIX(prologTok)(const ENCODING *enc, c *nextTokPtr = ptr; return XML_TOK_INVALID; } - while (ptr != end) { + while (ptr < end) { switch (BYTE_TYPE(enc, ptr)) { CHECK_NAME_CASES(enc, ptr, end, nextTokPtr) case BT_GT: case BT_RPAR: case BT_COMMA: @@@@ -1204,10 +1204,10 @@@@ PREFIX(attributeValueTok)(const ENCODING const char *end, const char **nextTokPtr) { const char *start; - if (ptr == end) + if (ptr >= end) return XML_TOK_NONE; start = ptr; - while (ptr != end) { + while (ptr < end) { switch (BYTE_TYPE(enc, ptr)) { #define LEAD_CASE(n) \ case BT_LEAD ## n: ptr += n; break; @@@@ -1262,10 +1262,10 @@@@ PREFIX(entityValueTok)(const ENCODING *e const char *end, const char **nextTokPtr) { const char *start; - if (ptr == end) + if (ptr >= end) return XML_TOK_NONE; start = ptr; - while (ptr != end) { + while (ptr < end) { switch (BYTE_TYPE(enc, ptr)) { #define LEAD_CASE(n) \ case BT_LEAD ## n: ptr += n; break; @@@@ -1326,7 +1326,7 @@@@ PREFIX(ignoreSectionTok)(const ENCODING end = ptr + n; } } - while (ptr != end) { + while (ptr < end) { switch (BYTE_TYPE(enc, ptr)) { INVALID_CASES(ptr, nextTokPtr) case BT_LT: @@@@ -1373,7 +1373,7 @@@@ PREFIX(isPublicId)(const ENCODING *enc, { ptr += MINBPC(enc); end -= MINBPC(enc); - for (; ptr != end; ptr += MINBPC(enc)) { + for (; ptr < end; ptr += MINBPC(enc)) { switch (BYTE_TYPE(enc, ptr)) { case BT_DIGIT: case BT_HEX: @@@@ -1760,7 +1760,7 @@@@ PREFIX(updatePosition)(const ENCODING *e case BT_CR: pos->lineNumber++; ptr += MINBPC(enc); - if (ptr != end && BYTE_TYPE(enc, ptr) == BT_LF) + if (ptr < end && BYTE_TYPE(enc, ptr) == BT_LF) ptr += MINBPC(enc); pos->columnNumber = (XML_Size)-1; break; @