You are viewing a plain text version of this content. The canonical link for it is here.
Posted to c-dev@xerces.apache.org by "Anil G Pandge (JIRA)" <xe...@xml.apache.org> on 2010/08/23 11:49:17 UTC
[jira] Created: (XERCESC-1940) Problem in prefix parsing while
creating Documnet, Element, Attributes on all platforms : Issue is in
poolString creation
Problem in prefix parsing while creating Documnet, Element, Attributes on all platforms : Issue is in poolString creation
-------------------------------------------------------------------------------------------------------------------------
Key: XERCESC-1940
URL: https://issues.apache.org/jira/browse/XERCESC-1940
Project: Xerces-C++
Issue Type: Bug
Components: DOM
Affects Versions: 3.0.1, 3.1.1
Environment: ALL Platform, ALL OS
Reporter: Anil G Pandge
Priority: Critical
Description:
============
When I create a DOM document using xerces APIs, for very specific input its creating wrong payload. This is observable on 64-bit but on 32-bit. For testing I have written sample with createDocument API which creates DOM document and print it in string format.
I ran the test on following inputs:
createDocument("types:statusSet","http://xyz.com");
createDocument function just create dom document and prints payloads. Following is the outputs of above string on 32-bit machine.
32 bit platforms output:
prefix = types:statusSet
LocalName = statusSet
doc = <types:statusSet xmlns:types:statusSet="http://xyz.com"/>
===================
Severity : Critical
===================
Platforms: ALL
==============
Cause and resolution
====================
I debugged xerces code, issue is in
File : "DOMDocumentImpl.hpp"
Function : "DOMDocumentImpl::getPooledNString(const XMLCh *in, XMLSize_t n)"
Patch:
======
--- DOMDocumentImpl.hpp 2008-07-24 15:58:29.000000000 +0530
+++ /data/eclipse_workspace/CppIT-3.1.0/XercesTEst/src/xercesc/dom/impl/DOMDocumentImpl.hpp 2010-08-22 10:36:18.000000000 +0530
@@ -401,9 +401,11 @@
pspe = &fNameTable[inHash];
while (*pspe != 0)
{
- if (XMLString::equalsN((*pspe)->fString, in, n))
- return (*pspe)->fString;
- pspe = &((*pspe)->fNext);
+ XMLCh firstN[n];
+ XMLString::copyNString(firstN,in,n);
+ if (XMLString::equals((*pspe)->fString, firstN))
+ return (*pspe)->fString;
+ pspe = &((*pspe)->fNext);
}
Issue:
======
1. getPooledNString computes hash of prefix and searches in fNameTable.
2. Once hash is found, code cheks pooledString and 'n' characters of qualifiedString. !!!!! WRONG !!!!!
3. if comparision is true it returns the pooled string.
Ex:
In case of "types:statusSet", it will compare "types:statusSet" and first 6 characters of "types:", it found comparision true. It return pooled string "types:statusSet" as prefix !!!!! WRONG !!!!!
How to reporduce:
=================
Very easy to reproduce. Run the sample program I have attached.
Resolution:
===========
I have attached patch file with resolution.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: c-dev-unsubscribe@xerces.apache.org
For additional commands, e-mail: c-dev-help@xerces.apache.org
[jira] Updated: (XERCESC-1940) Problem in prefix parsing while
creating Documnet, Element, Attributes on all platforms : Issue is in
poolString creation
Posted by "Anil G Pandge (JIRA)" <xe...@xml.apache.org>.
[ https://issues.apache.org/jira/browse/XERCESC-1940?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Anil G Pandge updated XERCESC-1940:
-----------------------------------
Attachment: MainPro.cpp
DOMDocumentImpl.hpp.patch
1. Attaching test program to reproduce the issue.
2. Patch file that includes fix for the issue.
> Problem in prefix parsing while creating Documnet, Element, Attributes on all platforms : Issue is in poolString creation
> -------------------------------------------------------------------------------------------------------------------------
>
> Key: XERCESC-1940
> URL: https://issues.apache.org/jira/browse/XERCESC-1940
> Project: Xerces-C++
> Issue Type: Bug
> Components: DOM
> Affects Versions: 3.0.1, 3.1.1
> Environment: ALL Platform, ALL OS
> Reporter: Anil G Pandge
> Priority: Critical
> Attachments: DOMDocumentImpl.hpp.patch, MainPro.cpp
>
>
> Description:
> ============
> When I create a DOM document using xerces APIs, for very specific input its creating wrong payload. This is observable on 64-bit but on 32-bit. For testing I have written sample with createDocument API which creates DOM document and print it in string format.
> I ran the test on following inputs:
> createDocument("types:statusSet","http://xyz.com");
> createDocument function just create dom document and prints payloads. Following is the outputs of above string on 32-bit machine.
> 32 bit platforms output:
> prefix = types:statusSet
> LocalName = statusSet
> doc = <types:statusSet xmlns:types:statusSet="http://xyz.com"/>
> ===================
> Severity : Critical
> ===================
> Platforms: ALL
> ==============
> Cause and resolution
> ====================
> I debugged xerces code, issue is in
> File : "DOMDocumentImpl.hpp"
> Function : "DOMDocumentImpl::getPooledNString(const XMLCh *in, XMLSize_t n)"
> Patch:
> ======
> --- DOMDocumentImpl.hpp 2008-07-24 15:58:29.000000000 +0530
> +++ /data/eclipse_workspace/CppIT-3.1.0/XercesTEst/src/xercesc/dom/impl/DOMDocumentImpl.hpp 2010-08-22 10:36:18.000000000 +0530
> @@ -401,9 +401,11 @@
> pspe = &fNameTable[inHash];
> while (*pspe != 0)
> {
> - if (XMLString::equalsN((*pspe)->fString, in, n))
> - return (*pspe)->fString;
> - pspe = &((*pspe)->fNext);
> + XMLCh firstN[n];
> + XMLString::copyNString(firstN,in,n);
> + if (XMLString::equals((*pspe)->fString, firstN))
> + return (*pspe)->fString;
> + pspe = &((*pspe)->fNext);
> }
> Issue:
> ======
> 1. getPooledNString computes hash of prefix and searches in fNameTable.
> 2. Once hash is found, code cheks pooledString and 'n' characters of qualifiedString. !!!!! WRONG !!!!!
> 3. if comparision is true it returns the pooled string.
> Ex:
> In case of "types:statusSet", it will compare "types:statusSet" and first 6 characters of "types:", it found comparision true. It return pooled string "types:statusSet" as prefix !!!!! WRONG !!!!!
> How to reporduce:
> =================
> Very easy to reproduce. Run the sample program I have attached.
>
> Resolution:
> ===========
> I have attached patch file with resolution.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: c-dev-unsubscribe@xerces.apache.org
For additional commands, e-mail: c-dev-help@xerces.apache.org
[jira] Updated: (XERCESC-1940) Problem in prefix parsing while
creating Documnet, Element, Attributes on all platforms : Issue is in
poolString creation
Posted by "Boris Kolpackov (JIRA)" <xe...@xml.apache.org>.
[ https://issues.apache.org/jira/browse/XERCESC-1940?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Boris Kolpackov updated XERCESC-1940:
-------------------------------------
Fix Version/s: 3.1.2
3.2.0
Thanks for the report, Anil. I am scheduling this for 3.1.2 and 3.2.0. Though the patch doesn't look portable (dynamic allocation of an array).
> Problem in prefix parsing while creating Documnet, Element, Attributes on all platforms : Issue is in poolString creation
> -------------------------------------------------------------------------------------------------------------------------
>
> Key: XERCESC-1940
> URL: https://issues.apache.org/jira/browse/XERCESC-1940
> Project: Xerces-C++
> Issue Type: Bug
> Components: DOM
> Affects Versions: 3.0.1, 3.1.1
> Environment: ALL Platform, ALL OS
> Reporter: Anil G Pandge
> Priority: Critical
> Fix For: 3.1.2, 3.2.0
>
> Attachments: DOMDocumentImpl.hpp.patch, MainPro.cpp
>
>
> Description:
> ============
> When I create a DOM document using xerces APIs, for very specific input its creating wrong payload. This is observable on 64-bit but on 32-bit. For testing I have written sample with createDocument API which creates DOM document and print it in string format.
> I ran the test on following inputs:
> createDocument("types:statusSet","http://xyz.com");
> createDocument function just create dom document and prints payloads. Following is the outputs of above string on 32-bit machine.
> 32 bit platforms output:
> prefix = types:statusSet
> LocalName = statusSet
> doc = <types:statusSet xmlns:types:statusSet="http://xyz.com"/>
> ===================
> Severity : Critical
> ===================
> Platforms: ALL
> ==============
> Cause and resolution
> ====================
> I debugged xerces code, issue is in
> File : "DOMDocumentImpl.hpp"
> Function : "DOMDocumentImpl::getPooledNString(const XMLCh *in, XMLSize_t n)"
> Patch:
> ======
> --- DOMDocumentImpl.hpp 2008-07-24 15:58:29.000000000 +0530
> +++ /data/eclipse_workspace/CppIT-3.1.0/XercesTEst/src/xercesc/dom/impl/DOMDocumentImpl.hpp 2010-08-22 10:36:18.000000000 +0530
> @@ -401,9 +401,11 @@
> pspe = &fNameTable[inHash];
> while (*pspe != 0)
> {
> - if (XMLString::equalsN((*pspe)->fString, in, n))
> - return (*pspe)->fString;
> - pspe = &((*pspe)->fNext);
> + XMLCh firstN[n];
> + XMLString::copyNString(firstN,in,n);
> + if (XMLString::equals((*pspe)->fString, firstN))
> + return (*pspe)->fString;
> + pspe = &((*pspe)->fNext);
> }
> Issue:
> ======
> 1. getPooledNString computes hash of prefix and searches in fNameTable.
> 2. Once hash is found, code cheks pooledString and 'n' characters of qualifiedString. !!!!! WRONG !!!!!
> 3. if comparision is true it returns the pooled string.
> Ex:
> In case of "types:statusSet", it will compare "types:statusSet" and first 6 characters of "types:", it found comparision true. It return pooled string "types:statusSet" as prefix !!!!! WRONG !!!!!
> How to reporduce:
> =================
> Very easy to reproduce. Run the sample program I have attached.
>
> Resolution:
> ===========
> I have attached patch file with resolution.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: c-dev-unsubscribe@xerces.apache.org
For additional commands, e-mail: c-dev-help@xerces.apache.org
[jira] Commented: (XERCESC-1940) Problem in prefix parsing while
creating Documnet, Element, Attributes on all platforms : Issue is in
poolString creation
Posted by "Oscar Ciurana (JIRA)" <xe...@xml.apache.org>.
[ https://issues.apache.org/jira/browse/XERCESC-1940?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12916558#action_12916558 ]
Oscar Ciurana commented on XERCESC-1940:
----------------------------------------
You can ensure the pooled string is 'n' chars long adding a condition in the 'if' statement:
if (XMLString::equalsN((*pspe)->fString, in, n) && (*pspe)->fString[n] == L'\0' )
this solution no requires the generation of a copy of the source string.
> Problem in prefix parsing while creating Documnet, Element, Attributes on all platforms : Issue is in poolString creation
> -------------------------------------------------------------------------------------------------------------------------
>
> Key: XERCESC-1940
> URL: https://issues.apache.org/jira/browse/XERCESC-1940
> Project: Xerces-C++
> Issue Type: Bug
> Components: DOM
> Affects Versions: 3.0.1, 3.1.1
> Environment: ALL Platform, ALL OS
> Reporter: Anil G Pandge
> Priority: Critical
> Fix For: 3.1.2, 3.2.0
>
> Attachments: DOMDocumentImpl.hpp.patch, MainPro.cpp
>
>
> Description:
> ============
> When I create a DOM document using xerces APIs, for very specific input its creating wrong payload. This is observable on 64-bit but on 32-bit. For testing I have written sample with createDocument API which creates DOM document and print it in string format.
> I ran the test on following inputs:
> createDocument("types:statusSet","http://xyz.com");
> createDocument function just create dom document and prints payloads. Following is the outputs of above string on 32-bit machine.
> 32 bit platforms output:
> prefix = types:statusSet
> LocalName = statusSet
> doc = <types:statusSet xmlns:types:statusSet="http://xyz.com"/>
> ===================
> Severity : Critical
> ===================
> Platforms: ALL
> ==============
> Cause and resolution
> ====================
> I debugged xerces code, issue is in
> File : "DOMDocumentImpl.hpp"
> Function : "DOMDocumentImpl::getPooledNString(const XMLCh *in, XMLSize_t n)"
> Patch:
> ======
> --- DOMDocumentImpl.hpp 2008-07-24 15:58:29.000000000 +0530
> +++ /data/eclipse_workspace/CppIT-3.1.0/XercesTEst/src/xercesc/dom/impl/DOMDocumentImpl.hpp 2010-08-22 10:36:18.000000000 +0530
> @@ -401,9 +401,11 @@
> pspe = &fNameTable[inHash];
> while (*pspe != 0)
> {
> - if (XMLString::equalsN((*pspe)->fString, in, n))
> - return (*pspe)->fString;
> - pspe = &((*pspe)->fNext);
> + XMLCh firstN[n];
> + XMLString::copyNString(firstN,in,n);
> + if (XMLString::equals((*pspe)->fString, firstN))
> + return (*pspe)->fString;
> + pspe = &((*pspe)->fNext);
> }
> Issue:
> ======
> 1. getPooledNString computes hash of prefix and searches in fNameTable.
> 2. Once hash is found, code cheks pooledString and 'n' characters of qualifiedString. !!!!! WRONG !!!!!
> 3. if comparision is true it returns the pooled string.
> Ex:
> In case of "types:statusSet", it will compare "types:statusSet" and first 6 characters of "types:", it found comparision true. It return pooled string "types:statusSet" as prefix !!!!! WRONG !!!!!
> How to reporduce:
> =================
> Very easy to reproduce. Run the sample program I have attached.
>
> Resolution:
> ===========
> I have attached patch file with resolution.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: c-dev-unsubscribe@xerces.apache.org
For additional commands, e-mail: c-dev-help@xerces.apache.org