Sebastian Pipping

@jonls any thoughts?

PS: If anyone needs a workaround: `CC=clang CFLAGS=-fPIE ./configure && make` works for me.

@jonls how would you like to continue?

This ticket on SourceForge seems related: https://sourceforge.net/p/expat/bugs/160/

On separation of concerns: If we added an interface for an "abstract hashing service", that would make it harder to use (e.g. to D-Bus) but most importantly be a lot...

Confirming for `--includedir=` and (for some cases) of `--libdir=`. A clean universal fix is not trivial and the issue can be worked around on packaging level (downstream) rather easily, so...

Regarding the argument that you quoted above, the maximum should not exceed `INT_MAX / 2`. With regard to https://trust-in-soft.com/objects-larger-than-ptrdiff_max-bytes/ , an inclusive limit of 65535 may be safer. If you...

> So I imagine the reasoning behind your recommendation here is if the maximum chunk size is set at `INT_MAX / 2`, then, when combined, the unprocessed data and incoming...

I think as a user of Expat I would only worry about overflows in your own code and rely on Expat to catch all overflows in its code. If there...

> I agree; my suggestion above was intended as a possible workaround until libexpat is adjusted to account for this possibility. I only now get your `XML_GetCurrentByteIndex` idea and I...