You are viewing a plain text version of this content. The canonical link for it is here.
Posted to c-dev@xerces.apache.org by bu...@apache.org on 2001/09/17 21:29:09 UTC
DO NOT REPLY [Bug 3660] New: -
Off-by-one error in DOMString.cpp?
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=3660>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=3660
Summary: Off-by-one error in DOMString.cpp?
Product: Xerces-C++
Version: 1.5.1
Platform: Sun
OS/Version: Solaris
Status: NEW
Severity: Major
Priority: Other
Component: DOM
AssignedTo: xerces-c-dev@xml.apache.org
ReportedBy: tom.foottit@bridgewatersystems.com
Using Sun workshop 5 on Solaris 7 with access checking on reports an access
violation error in DOMString.cpp line 651 during the final time through that
loop.
Looking through the code, it appears that the loop condition on line 650 (in
DOMString::appendData(const DOMString)) should read:
for (i=0; i<other.fHandle->fLength; i++)
instead of:
for (i=0; i<=other.fHandle->fLength; i++)
If you use i<=other.fHandle->fLength I think you are copying fLength + 1 bytes
into a buffer of length fLength (plus the original buffer length).
If I have missed something here please let me know.
---------------------------------------------------------------------
To unsubscribe, e-mail: xerces-c-dev-unsubscribe@xml.apache.org
For additional commands, e-mail: xerces-c-dev-help@xml.apache.org