You are viewing a plain text version of this content. The canonical link for it is here.

Posted to c-dev@xerces.apache.org by "Philippe Forest (JIRA)" <xe...@xml.apache.org> on 2007/02/23 12:19:05 UTC

[jira] Created: (XERCESC-1679) xercesc_2_7::XMLUTF8Transcoder::transcodeFrom has a Conditional jump or move depends on uninitialised value.

xercesc_2_7::XMLUTF8Transcoder::transcodeFrom has a Conditional jump or move depends on uninitialised value.
------------------------------------------------------------------------------------------------------------

                 Key: XERCESC-1679
                 URL: https://issues.apache.org/jira/browse/XERCESC-1679
             Project: Xerces-C++
          Issue Type: Bug
          Components: Utilities
    Affects Versions: 2.7.0
         Environment: Linux rhes-4 i686 gcc-3-2-3  32 bit
            Reporter: Philippe Forest


The problem is that the value of the poiter get checked before the check to see if you have passed the end of the input buffer.
in the file :XMLUTF8Transcoder.cpp on position 157.
current code:

            } while (*srcPtr <= 127    &&     // <- this can cause a crash if this memory is not your.
                      srcPtr != srcEnd &&
                      outPtr != outEnd );
should be:

            } while (
                      srcPtr != srcEnd &&         // first check the end
                      *srcPtr <= 127    &&        // then the content
                      outPtr != outEnd );

See valrind log:
Thanks Let me know if you need more details.
Phil.

==25072== Conditional jump or move depends on uninitialised value(s)
==25072==    at 0x5170D2A: xercesc_2_7::XMLUTF8Transcoder::transcodeFrom(unsigned char const*, unsigned, unsigned short*, unsigned, unsigned&, unsigned char*) (XMLUTF8Transcoder.cpp:157)
==25072==    by 0x5158D2F: xercesc_2_7::XMLReader::xcodeMoreChars(unsigned short*, unsigned char*, unsigned) (XMLReader.cpp:1707)
==25072==    by 0x5156FC9: xercesc_2_7::XMLReader::refreshCharBuffer() (XMLReader.cpp:498)
==25072==    by 0x50BB3A7: xercesc_2_7::XMLReader::peekNextChar(unsigned short&) (XMLReader.hpp:759)
==25072==    by 0x50B933A: xercesc_2_7::ReaderMgr::peekNextChar() (ReaderMgr.cpp:163)
==25072==    by 0x515DFA6: xercesc_2_7::XMLScanner::scanProlog() (XMLScanner.cpp:1237)
==25072==    by 0x5085CC6: xercesc_2_7::IGXMLScanner::scanDocument(xercesc_2_7::InputSource const&) (IGXMLScanner.cpp:202)
==25072==    by 0x50CC048: xercesc_2_7::SAX2XMLReaderImpl::parse(xercesc_2_7::InputSource const&) (SAX2XMLReaderImpl.cpp:396)
...

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
To unsubscribe, e-mail: c-dev-unsubscribe@xerces.apache.org
For additional commands, e-mail: c-dev-help@xerces.apache.org

[jira] Resolved: (XERCESC-1679) xercesc_2_7::XMLUTF8Transcoder::transcodeFrom has a Conditional jump or move depends on uninitialised value.

Posted by "Alberto Massari (JIRA)" <xe...@xml.apache.org>.

     [ https://issues.apache.org/jira/browse/XERCESC-1679?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Alberto Massari resolved XERCESC-1679.
--------------------------------------

    Resolution: Duplicate

Duplicate of XERCESC-1555

> xercesc_2_7::XMLUTF8Transcoder::transcodeFrom has a Conditional jump or move depends on uninitialised value.
> ------------------------------------------------------------------------------------------------------------
>
>                 Key: XERCESC-1679
>                 URL: https://issues.apache.org/jira/browse/XERCESC-1679
>             Project: Xerces-C++
>          Issue Type: Bug
>          Components: Utilities
>    Affects Versions: 2.7.0
>         Environment: Linux rhes-4 i686 gcc-3-2-3  32 bit
>            Reporter: Philippe Forest
>
> The problem is that the value of the poiter get checked before the check to see if you have passed the end of the input buffer.
> in the file :XMLUTF8Transcoder.cpp on position 157.
> current code:
>             } while (*srcPtr <= 127    &&     // <- this can cause a crash if this memory is not your.
>                       srcPtr != srcEnd &&
>                       outPtr != outEnd );
> should be:
>             } while (
>                       srcPtr != srcEnd &&         // first check the end
>                       *srcPtr <= 127    &&        // then the content
>                       outPtr != outEnd );
> See valrind log:
> Thanks Let me know if you need more details.
> Phil.
> ==25072== Conditional jump or move depends on uninitialised value(s)
> ==25072==    at 0x5170D2A: xercesc_2_7::XMLUTF8Transcoder::transcodeFrom(unsigned char const*, unsigned, unsigned short*, unsigned, unsigned&, unsigned char*) (XMLUTF8Transcoder.cpp:157)
> ==25072==    by 0x5158D2F: xercesc_2_7::XMLReader::xcodeMoreChars(unsigned short*, unsigned char*, unsigned) (XMLReader.cpp:1707)
> ==25072==    by 0x5156FC9: xercesc_2_7::XMLReader::refreshCharBuffer() (XMLReader.cpp:498)
> ==25072==    by 0x50BB3A7: xercesc_2_7::XMLReader::peekNextChar(unsigned short&) (XMLReader.hpp:759)
> ==25072==    by 0x50B933A: xercesc_2_7::ReaderMgr::peekNextChar() (ReaderMgr.cpp:163)
> ==25072==    by 0x515DFA6: xercesc_2_7::XMLScanner::scanProlog() (XMLScanner.cpp:1237)
> ==25072==    by 0x5085CC6: xercesc_2_7::IGXMLScanner::scanDocument(xercesc_2_7::InputSource const&) (IGXMLScanner.cpp:202)
> ==25072==    by 0x50CC048: xercesc_2_7::SAX2XMLReaderImpl::parse(xercesc_2_7::InputSource const&) (SAX2XMLReaderImpl.cpp:396)
> ...

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
To unsubscribe, e-mail: c-dev-unsubscribe@xerces.apache.org
For additional commands, e-mail: c-dev-help@xerces.apache.org