Posted to c-dev@xerces.apache.org by GitBox <gi...@apache.org> on 2022/01/20 14:40:37 UTC

[GitHub] [xerces-c] johnjamesmccann opened a new pull request #46: DTD hot fix

johnjamesmccann opened a new pull request #46:
URL: https://github.com/apache/xerces-c/pull/46


   SPDX-FileCopyrightText: Portions Copyright 2021 Siemens 
   Modified on 15-Jul-2021 by Siemens and/or its affiliates to fix CVE-2018-1311: Apache Xerces-C use-after-free vulnerability scanning external DTD. Copyright 2021 Siemens.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: c-dev-unsubscribe@xerces.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: c-dev-unsubscribe@xerces.apache.org
For additional commands, e-mail: c-dev-help@xerces.apache.org


[GitHub] [xerces-c] johnjamesmccann commented on pull request #46: DTD hot fix

Posted by GitBox <gi...@apache.org>.
johnjamesmccann commented on pull request #46:
URL: https://github.com/apache/xerces-c/pull/46#issuecomment-1018334858


   I would be happy to do that, if you show me how to, as I have no idea 😊
   
   From: Roger Leigh ***@***.***>
   Sent: 20 January 2022 21:56
   To: apache/xerces-c ***@***.***>
   Cc: McCann, John (DI SW PE OT IO PP) ***@***.***>; Mention ***@***.***>
   Subject: Re: [apache/xerces-c] DTD hot fix (PR #46)
   
   
   @johnjamesmccann<https://github.com/johnjamesmccann> Thanks for opening this PR. The changes appear as an addition of two new files at the toplevel, rather than as a change to the original files. Please could you update this to add the changes in the correct directory so that the original files are updated? Thanks.
   
   
   -----------------
   Siemens Industry Software Limited is a limited company registered in England and Wales.
   Registered number: 3476850.
   Registered office: Faraday House, Sir William Siemens Square, Frimley, Surrey, GU16 8QD.
   




[GitHub] [xerces-c] rouault commented on pull request #46: DTD hot fix

Posted by GitBox <gi...@apache.org>.
rouault commented on pull request #46:
URL: https://github.com/apache/xerces-c/pull/46#issuecomment-1019508643


   > @rouault Did this problem surface with any of your recent work identifying memory bugs? Do you have any thoughts on the change being proposed and the test failure?
   
   No, I'm not familiar with that part of the code. I've substantially enhanced this PR in https://github.com/apache/xerces-c/pull/47.




[GitHub] [xerces-c] rleigh-codelibre commented on pull request #46: DTD hot fix

Posted by GitBox <gi...@apache.org>.
rleigh-codelibre commented on pull request #46:
URL: https://github.com/apache/xerces-c/pull/46#issuecomment-1019432557


   @johnjamesmccann Thanks John, it now looks fine.
   
   Would it be possible to edit the PR description and add a short comment to explain why removing the use of the Janitor prevents the double-free, so that it's documented for the record?
   
   Thanks again,
   Roger




[GitHub] [xerces-c] johnjamesmccann commented on pull request #46: DTD hot fix

Posted by GitBox <gi...@apache.org>.
johnjamesmccann commented on pull request #46:
URL: https://github.com/apache/xerces-c/pull/46#issuecomment-1020038900


   Hello Roger,
   
   Is everything ok with my proposed changes?
   
   Kind regards
   
   John
   
   From: Roger Leigh ***@***.***>
   Sent: 23 January 2022 08:27
   To: apache/xerces-c ***@***.***>
   Cc: McCann, John (DI SW PE OT IO PP) ***@***.***>; Mention ***@***.***>
   Subject: Re: [apache/xerces-c] DTD hot fix (PR #46)
   
   
   @rouault<https://github.com/rouault> Did this problem surface with any of your recent work identifying memory bugs? Do you have any thoughts on the change being proposed and the test failure?
   
   
   -----------------
   Siemens Industry Software Limited is a limited company registered in England and Wales.
   Registered number: 3476850.
   Registered office: Pinehurst 2, Pinehurst Road, Farnborough, Hampshire, GU14 7BF.
   




[GitHub] [xerces-c] rleigh-codelibre commented on pull request #46: DTD hot fix

Posted by GitBox <gi...@apache.org>.
rleigh-codelibre commented on pull request #46:
URL: https://github.com/apache/xerces-c/pull/46#issuecomment-1019437334


   @rouault Did this problem surface with any of your recent work identifying memory bugs?  Do you have any thoughts on the change being proposed and the test failure?




[GitHub] [xerces-c] rleigh-codelibre commented on pull request #46: DTD hot fix

Posted by GitBox <gi...@apache.org>.
rleigh-codelibre commented on pull request #46:
URL: https://github.com/apache/xerces-c/pull/46#issuecomment-1019436958


   There is also a unit test failure, which needs investigation.  If there isn't a logic error in the PR, the corresponding unit tests might need updating to match.
   
   ```
   33: Test command: /usr/local/cmake-3.12.4/bin/cmake "-DNAME=MemHandlerTest1" "-DPROGRAM=/home/travis/build/apache/xerces-c/cmake-build/tests/MemHandlerTest" "-DARGS=-v=always;-n;-r=2;personal.xml" "-DLIBXERCES_C=/home/travis/build/apache/xerces-c/cmake-build/src/libxerces-c-4.0.so" "-DWORKDIR=/home/travis/build/apache/xerces-c/samples/data" "-DSTDIN=" "-DEXPECT_FAIL=FALSE" "-DOBSERVED_DIR=/home/travis/build/apache/xerces-c/cmake-build/tests/observed" "-DEXPECTED_DIR=/home/travis/build/apache/xerces-c/tests/expected" "-DDIFF=/usr/bin/diff" "-DNLS_HOME=/home/travis/build/apache/xerces-c/cmake-build/src" "-P" "/home/travis/build/apache/xerces-c/cmake/RunTest.cmake"
   33: Test timeout computed to be: 10000000
   33: -- Running /home/travis/build/apache/xerces-c/cmake-build/tests/MemHandlerTest -v=always -n -r=2 personal.xml
   33: --- /home/travis/build/apache/xerces-c/cmake-build/tests/observed/MemHandlerTest1-exp.log	2022-01-21 15:42:13.453749473 +0000
   33: +++ /home/travis/build/apache/xerces-c/cmake-build/tests/observed/MemHandlerTest1.log	2022-01-21 15:42:13.449749191 +0000
   33: @@ -1,4 +1,4 @@
   33: -At destruction, domBuilderMemMonitor has 0 bytes.
   33: -At destruction, sax2MemMonitor has 0 bytes.
   33: -At destruction, sax1MemMonitor has 0 bytes.
   33: +At destruction, domBuilderMemMonitor has 276 bytes.
   33: +At destruction, sax2MemMonitor has 276 bytes.
   33: +At destruction, sax1MemMonitor has 276 bytes.
   33:  At destruction, staticMemMonitor has 0 bytes.
   33: CMake Error at /home/travis/build/apache/xerces-c/cmake/RunTest.cmake:71 (message):
   33:   Observed output does not match expected output
   33: Call Stack (most recent call first):
   33:   /home/travis/build/apache/xerces-c/cmake/RunTest.cmake:88 (test_command)
   33: 
   33: 
   33/79 Test #33: MemHandlerTest1 ..................***Failed    0.02 sec
   ```
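
A generic model of the ownership trade-off this thread touches on (a scope guard removed to avoid a double free, after which a memory monitor reports bytes at destruction), added here as an example; it is not Xerces-C code or part of the PR and does not claim to reproduce the actual code path. `MemMonitor`, `Guard`, `scan`, `Mode` and the "pool" are hypothetical names, and 276 is borrowed from the log above only as a sample block size.

```cpp
#include <cstddef>
#include <map>

// Hypothetical stand-in for a test memory monitor. It tracks blocks by id rather
// than touching the heap, so a second release is counted instead of executed.
struct MemMonitor {
    std::map<int, std::size_t> live;
    int nextId = 0;
    int doubleFrees = 0;
    int allocate(std::size_t n) { live[nextId] = n; return nextId++; }
    void release(int id) { if (live.erase(id) == 0) ++doubleFrees; }
    std::size_t bytesAtDestruction() const {
        std::size_t total = 0;
        for (const auto& kv : live) total += kv.second;
        return total;
    }
};

// Janitor-style scope guard: releases the block at scope exit unless orphaned.
class Guard {
    MemMonitor& mon; int id; bool armed = true;
public:
    Guard(MemMonitor& m, int i) : mon(m), id(i) {}
    void orphan() { armed = false; }
    ~Guard() { if (armed) mon.release(id); }
};

enum class Mode { GuardAndPool, NoGuard, GuardOrphanedOnAdopt };
struct Result { std::size_t leaked; int doubleFrees; };

// One constructed "scan": a 276-byte block is allocated; if `adopted`, a
// longer-lived pool also takes the block and releases it at teardown,
// otherwise the scan exits early and nobody else knows about the block.
Result scan(Mode mode, bool adopted) {
    MemMonitor mon;
    int pooled = -1;
    {
        int id = mon.allocate(276);
        Guard g(mon, id);
        if (mode == Mode::NoGuard) g.orphan();   // models deleting the guard
        if (adopted) {
            pooled = id;
            if (mode == Mode::GuardOrphanedOnAdopt) g.orphan();
        }
    }                                            // guard destructor runs here
    if (pooled >= 0) mon.release(pooled);        // pool teardown
    return { mon.bytesAtDestruction(), mon.doubleFrees };
}
```

In this model, `GuardAndPool` with adoption records one double release, `NoGuard` on the early-exit path leaves 276 bytes live at destruction, and orphaning the guard only at the point of adoption is clean on both paths.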




[GitHub] [xerces-c] rleigh-codelibre commented on pull request #46: DTD hot fix

Posted by GitBox <gi...@apache.org>.
rleigh-codelibre commented on pull request #46:
URL: https://github.com/apache/xerces-c/pull/46#issuecomment-1017961677


   @johnjamesmccann Thanks for opening this PR.  The changes appear as an addition of two new files at the toplevel, rather than as a change to the original files.  Please could you update this to add the changes in the correct directory so that the original files are updated?  Thanks.




[GitHub] [xerces-c] johnjamesmccann commented on pull request #46: DTD hot fix

Posted by GitBox <gi...@apache.org>.
johnjamesmccann commented on pull request #46:
URL: https://github.com/apache/xerces-c/pull/46#issuecomment-1018530152


   Ok I think I have managed to change the files now by editing them on the PR file list.
   
   Please let me know if you need anything else Roger
   
   John

