You are viewing a plain text version of this content. The canonical link for it is here.

Posted to c-dev@xerces.apache.org by "Alberto Massari (JIRA)" <xe...@xml.apache.org> on 2007/02/23 13:41:06 UTC

[jira] Resolved: (XERCESC-1679) xercesc_2_7::XMLUTF8Transcoder::transcodeFrom has a Conditional jump or move depends on uninitialised value.

     [ https://issues.apache.org/jira/browse/XERCESC-1679?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Alberto Massari resolved XERCESC-1679.
--------------------------------------

    Resolution: Duplicate

Duplicate of XERCESC-1555

> xercesc_2_7::XMLUTF8Transcoder::transcodeFrom has a Conditional jump or move depends on uninitialised value.
> ------------------------------------------------------------------------------------------------------------
>
>                 Key: XERCESC-1679
>                 URL: https://issues.apache.org/jira/browse/XERCESC-1679
>             Project: Xerces-C++
>          Issue Type: Bug
>          Components: Utilities
>    Affects Versions: 2.7.0
>         Environment: Linux rhes-4 i686 gcc-3-2-3  32 bit
>            Reporter: Philippe Forest
>
> The problem is that the value of the poiter get checked before the check to see if you have passed the end of the input buffer.
> in the file :XMLUTF8Transcoder.cpp on position 157.
> current code:
>             } while (*srcPtr <= 127    &&     // <- this can cause a crash if this memory is not your.
>                       srcPtr != srcEnd &&
>                       outPtr != outEnd );
> should be:
>             } while (
>                       srcPtr != srcEnd &&         // first check the end
>                       *srcPtr <= 127    &&        // then the content
>                       outPtr != outEnd );
> See valrind log:
> Thanks Let me know if you need more details.
> Phil.
> ==25072== Conditional jump or move depends on uninitialised value(s)
> ==25072==    at 0x5170D2A: xercesc_2_7::XMLUTF8Transcoder::transcodeFrom(unsigned char const*, unsigned, unsigned short*, unsigned, unsigned&, unsigned char*) (XMLUTF8Transcoder.cpp:157)
> ==25072==    by 0x5158D2F: xercesc_2_7::XMLReader::xcodeMoreChars(unsigned short*, unsigned char*, unsigned) (XMLReader.cpp:1707)
> ==25072==    by 0x5156FC9: xercesc_2_7::XMLReader::refreshCharBuffer() (XMLReader.cpp:498)
> ==25072==    by 0x50BB3A7: xercesc_2_7::XMLReader::peekNextChar(unsigned short&) (XMLReader.hpp:759)
> ==25072==    by 0x50B933A: xercesc_2_7::ReaderMgr::peekNextChar() (ReaderMgr.cpp:163)
> ==25072==    by 0x515DFA6: xercesc_2_7::XMLScanner::scanProlog() (XMLScanner.cpp:1237)
> ==25072==    by 0x5085CC6: xercesc_2_7::IGXMLScanner::scanDocument(xercesc_2_7::InputSource const&) (IGXMLScanner.cpp:202)
> ==25072==    by 0x50CC048: xercesc_2_7::SAX2XMLReaderImpl::parse(xercesc_2_7::InputSource const&) (SAX2XMLReaderImpl.cpp:396)
> ...

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
To unsubscribe, e-mail: c-dev-unsubscribe@xerces.apache.org
For additional commands, e-mail: c-dev-help@xerces.apache.org