From db32b09d505b2a87fc0ed5eb5f08ff344c735088 Mon Sep 17 00:00:00 2001
From: Nick Wellnhofer
Date: Thu, 20 Apr 2023 16:22:11 +0200
Subject: [PATCH] xmllint: Validate --maxmem integer option
Fixes #520.
---
 xmllint.c | 25 +++++++++++++++++++++----
 1 file changed, 21 insertions(+), 4 deletions(-)
diff --git a/xmllint.c b/xmllint.c
index 1ba6acfb..398670b4 100644
--- a/xmllint.c
+++ b/xmllint.c
@@ -14,6 +14,8 @@
 #include
 #include
 #include
+#include
+#include
 #ifdef HAVE_SYS_TIME_H
 #include
@@ -3085,10 +3087,25 @@ main(int argc, char **argv) {
 if ((!strcmp(argv[i], "-maxmem")) || (!strcmp(argv[i], "--maxmem"))) {
- i++;
- if ((i >= argc) || (sscanf(argv[i], "%d", &maxmem) != 1)) {
- maxmem = 0;
- }
+ char *val_end;
+ long val;
+
+ i++;
+ if (i >= argc) {
+ fprintf(stderr, "maxmem: missing integer value\n");
+ return(XMLLINT_ERR_UNCLASS);
+ }
+ errno = 0;
+ val = strtol(argv[i], &val_end, 10);
+ if (errno == EINVAL || *val_end != 0) {
+ fprintf(stderr, "maxmem: invalid integer: %s\n", argv[i]);
+ return(XMLLINT_ERR_UNCLASS);
+ }
+ if (errno != 0 || val < 0 || val > INT_MAX) {
+ fprintf(stderr, "maxmem: integer out of range: %s\n", argv[i]);
+ return(XMLLINT_ERR_UNCLASS);
+ }
+ maxmem = val;
 }
 }
 if (maxmem != 0)
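Review bot: An empty argument (`--maxmem ""`) still passes the new validation in the second hunk. strtol() consumes no characters, so `val_end` equals `argv[i]` and points at the terminator, and the C library is not required to set errno to EINVAL when no conversion is performed (glibc does not). `val` is then 0 and `maxmem = val` stores 0, which, judging by the `if (maxmem != 0)` after the loop, appears to leave the memory limit disabled rather than reporting an error. The invalid-integer test should reject a no-digits result explicitly: `if (val_end == argv[i] || *val_end != 0) {`. The enclosing loop and the rest of main() lie outside the hunk.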