You are viewing a plain text version of this content. The canonical link for it is here.
Posted to c-dev@xerces.apache.org by "Oscar Ciurana (JIRA)" <xe...@xml.apache.org> on 2010/09/30 19:02:36 UTC
[jira] Commented: (XERCESC-1940) Problem in prefix parsing while
creating Documnet, Element, Attributes on all platforms : Issue is in
poolString creation
[ https://issues.apache.org/jira/browse/XERCESC-1940?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12916558#action_12916558 ]
Oscar Ciurana commented on XERCESC-1940:
----------------------------------------
You can ensure the pooled string is 'n' chars long adding a condition in the 'if' statement:
if (XMLString::equalsN((*pspe)->fString, in, n) && (*pspe)->fString[n] == L'\0' )
this solution no requires the generation of a copy of the source string.
> Problem in prefix parsing while creating Documnet, Element, Attributes on all platforms : Issue is in poolString creation
> -------------------------------------------------------------------------------------------------------------------------
>
> Key: XERCESC-1940
> URL: https://issues.apache.org/jira/browse/XERCESC-1940
> Project: Xerces-C++
> Issue Type: Bug
> Components: DOM
> Affects Versions: 3.0.1, 3.1.1
> Environment: ALL Platform, ALL OS
> Reporter: Anil G Pandge
> Priority: Critical
> Fix For: 3.1.2, 3.2.0
>
> Attachments: DOMDocumentImpl.hpp.patch, MainPro.cpp
>
>
> Description:
> ============
> When I create a DOM document using xerces APIs, for very specific input its creating wrong payload. This is observable on 64-bit but on 32-bit. For testing I have written sample with createDocument API which creates DOM document and print it in string format.
> I ran the test on following inputs:
> createDocument("types:statusSet","http://xyz.com");
> createDocument function just create dom document and prints payloads. Following is the outputs of above string on 32-bit machine.
> 32 bit platforms output:
> prefix = types:statusSet
> LocalName = statusSet
> doc = <types:statusSet xmlns:types:statusSet="http://xyz.com"/>
> ===================
> Severity : Critical
> ===================
> Platforms: ALL
> ==============
> Cause and resolution
> ====================
> I debugged xerces code, issue is in
> File : "DOMDocumentImpl.hpp"
> Function : "DOMDocumentImpl::getPooledNString(const XMLCh *in, XMLSize_t n)"
> Patch:
> ======
> --- DOMDocumentImpl.hpp 2008-07-24 15:58:29.000000000 +0530
> +++ /data/eclipse_workspace/CppIT-3.1.0/XercesTEst/src/xercesc/dom/impl/DOMDocumentImpl.hpp 2010-08-22 10:36:18.000000000 +0530
> @@ -401,9 +401,11 @@
> pspe = &fNameTable[inHash];
> while (*pspe != 0)
> {
> - if (XMLString::equalsN((*pspe)->fString, in, n))
> - return (*pspe)->fString;
> - pspe = &((*pspe)->fNext);
> + XMLCh firstN[n];
> + XMLString::copyNString(firstN,in,n);
> + if (XMLString::equals((*pspe)->fString, firstN))
> + return (*pspe)->fString;
> + pspe = &((*pspe)->fNext);
> }
> Issue:
> ======
> 1. getPooledNString computes hash of prefix and searches in fNameTable.
> 2. Once hash is found, code cheks pooledString and 'n' characters of qualifiedString. !!!!! WRONG !!!!!
> 3. if comparision is true it returns the pooled string.
> Ex:
> In case of "types:statusSet", it will compare "types:statusSet" and first 6 characters of "types:", it found comparision true. It return pooled string "types:statusSet" as prefix !!!!! WRONG !!!!!
> How to reporduce:
> =================
> Very easy to reproduce. Run the sample program I have attached.
>
> Resolution:
> ===========
> I have attached patch file with resolution.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: c-dev-unsubscribe@xerces.apache.org
For additional commands, e-mail: c-dev-help@xerces.apache.org