Posted to commits@santuario.apache.org by "Scott Cantor (JIRA)" <ji...@apache.org> on 2017/09/11 02:00:09 UTC

[jira] [Resolved] (SANTUARIO-474) Better overflow checking

     [ https://issues.apache.org/jira/browse/SANTUARIO-474?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Scott Cantor resolved SANTUARIO-474.
------------------------------------
    Resolution: Fixed

xsecsize_t has been replaced, and the overflow check doesn't count on an underflow anymore, but does require XERCES_SIZE_MAX which is only present in 3.2.

> Better overflow checking
> ------------------------
>
>                 Key: SANTUARIO-474
>                 URL: https://issues.apache.org/jira/browse/SANTUARIO-474
>             Project: Santuario
>          Issue Type: Bug
>          Components: C++
>    Affects Versions: C++ 1.7.3
>            Reporter: Ferenc Wágner
>            Assignee: Scott Cantor
>             Fix For: C++ 2.0.0
>
>
> While looking at those few remaining compiler warnings, I encountered code in {{safeBuffer::checkAndExpand}} like this:
> {code}
> if (size + 1 < bufferSize) 
>         return;
> // Make the new size twice the size of the new string requirement 
> xsecsize_t newBufferSize = size * 2; 
> {code}
> (We're dealing with unsigned quantities here.)
> Shouldn't there be overflow checks everywhere?



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
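
The wraparound raised in the issue, next to one way of checking for it without relying on wrapped values. This is an added example, not code from Santuario or from the fix itself; all function names are hypothetical, and `kSizeMax` (from `std::numeric_limits`) stands in for the `XERCES_SIZE_MAX` mentioned in the resolution.

```cpp
#include <cstddef>
#include <cstdio>
#include <limits>
#include <stdexcept>

// Hypothetical names throughout; kSizeMax stands in for XERCES_SIZE_MAX.
static const std::size_t kSizeMax = std::numeric_limits<std::size_t>::max();

// Same arithmetic as the snippet quoted in the issue. Returns the capacity
// the buffer would have afterwards (unchanged if no expansion is triggered).
std::size_t uncheckedCapacity(std::size_t size, std::size_t bufferSize) {
    if (size + 1 < bufferSize)      // wraps to 0 when size == kSizeMax
        return bufferSize;
    return size * 2;                // wraps when size > kSizeMax / 2
}

// Checked form: every comparison is made before the arithmetic it guards,
// so no intermediate value can wrap.
std::size_t checkedCapacity(std::size_t size, std::size_t bufferSize) {
    if (bufferSize > 0 && size < bufferSize - 1)   // same as size + 1 < bufferSize
        return bufferSize;
    if (size > kSizeMax / 2)
        throw std::length_error("buffer size request would overflow");
    return size * 2;
}

// True when the checked form refuses the request.
bool rejects(std::size_t size, std::size_t bufferSize) {
    try {
        checkedCapacity(size, bufferSize);
        return false;
    } catch (const std::length_error&) {
        return true;
    }
}

int main() {
    const std::size_t half = kSizeMax / 2 + 1;
    std::printf("unchecked(max, 1024)  = %zu\n", uncheckedCapacity(kSizeMax, 1024));
    std::printf("unchecked(half, 1024) = %zu\n", uncheckedCapacity(half, 1024));
    std::printf("checked rejects max: %d, half: %d\n",
                rejects(kSizeMax, 1024), rejects(half, 1024));
    std::printf("checked(2000, 1024)   = %zu\n", checkedCapacity(2000, 1024));
    return 0;
}
```

With the unchecked arithmetic, a request of the maximum size is treated as already fitting in a 1024-byte buffer, and a request just over half the maximum yields a new capacity of 0.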