Highlights
Integer Overflow: 3 prior fixes. Scrutinize any change in this area.
tinyxml2.cpp: most-fixed (3 issues). Treat as high-risk during review.
2 high-severity fixes in this history; regressions here are high-impact.
Recurring patterns
The bug types that recur here, drawn from past fixes, not open vulnerabilities.
Integer Overflow: Extremely large decimal or hexadecimal character references can bypass code-point validation due to integer wrap-around inside ConvertUTF32ToUTF8, leading to out-of-bounds writing or memory safety issues.
Memory Corruption: Failure to safely validate document/file sizes during memory allocation (such as using 32-bit signed types instead of 64-bit unsigned types) can lead to heap buffer overflows during allocation.
Integer Overflow: Returning 'int' for size methods like CStrSize can trigger signed truncation and sign-extension bugs on documents larger than 2GB, resulting in potential buffer miscalculations.