[CVE-2022-40303] Fix integer overflows with XML_PARSE_HUGE
Also impose size limits when XML_PARSE_HUGE is set. Limit size of names
to XML_MAX_TEXT_LENGTH (10 million bytes) and other content to
XML_MAX_HUGE_LENGTH (1 billion bytes).
Move some the length checks to the end of the respective loop to make
them strict.
xmlParseEntityValue didn't have a length limitation at all. But without
XML_PARSE_HUGE, this should eventually trigger an error in xmlGROW.
Thanks to Maddie Stone working with Google Project Zero for the report!
Change-Id: If70b028a02c1ffce193baa26182b829f944c5d7a
Signed-off-by: DongHun Kwak <dh0128.kwak@samsung.com>