From 63f3de1a3c3ebd57dc88d93b7647c16a1e1b3dda Mon Sep 17 00:00:00 2001
From: Dmitry-Me <wipedout@yandex.ru>
Date: Thu, 21 Aug 2014 12:33:19 +0400
Subject: [PATCH 1/2] Make code more defensive * initialize out-parameter for
 cases the callee fails to * add assert for length being within range *
 replace post-assert with pre-assert

Also replace the loop with an equivalent memcpy() call
---
 tinyxml2.cpp | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/tinyxml2.cpp b/tinyxml2.cpp
index 4efc768..86090d6 100755
--- a/tinyxml2.cpp
+++ b/tinyxml2.cpp
@@ -216,13 +216,14 @@ const char* StrPair::GetStr()
                     //   &#20013; or &#x4e2d;
 
                     if ( *(p+1) == '#' ) {
-                        char buf[10] = { 0 };
-                        int len;
+                        const int buflen = 10;
+                        char buf[buflen] = { 0 };
+                        int len = 0;
                         p = const_cast<char*>( XMLUtil::GetCharacterRef( p, buf, &len ) );
-                        for( int i=0; i<len; ++i ) {
-                            *q++ = buf[i];
-                        }
-                        TIXMLASSERT( q <= p );
+                        TIXMLASSERT( 0 <= len && len <= buflen );
+                        TIXMLASSERT( q + len <= p );
+                        memcpy( q, buf, len );
+                        q += len;
                     }
                     else {
                         int i=0;

From ec19a0e513adf72b30d9dee70ae859223e3a67a5 Mon Sep 17 00:00:00 2001
From: Dmitry-Me <wipedout@yandex.ru>
Date: Mon, 25 Aug 2014 11:05:55 +0400
Subject: [PATCH 2/2] Remove obsolete comment

---
 tinyxml2.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tinyxml2.cpp b/tinyxml2.cpp
index 86090d6..df345f9 100755
--- a/tinyxml2.cpp
+++ b/tinyxml2.cpp
@@ -112,7 +112,7 @@ char* StrPair::ParseText( char* p, const char* endTag, int strFlags )
 {
     TIXMLASSERT( endTag && *endTag );
 
-    char* start = p;	// fixme: hides a member
+    char* start = p;
     char  endChar = *endTag;
     size_t length = strlen( endTag );