Posted to commits@xerces.apache.org by sc...@apache.org on 2017/07/06 19:37:57 UTC
svn commit: r1801099 - in /xerces/c/trunk/src/xercesc:
dom/impl/DOMRangeImpl.cpp util/XMLString.cpp
Author: scantor
Date: Thu Jul 6 19:37:56 2017
New Revision: 1801099
URL: http://svn.apache.org/viewvc?rev=1801099&view=rev
Log:
XERCESC-2105 - Fix potential size_t overflows
Modified:
xerces/c/trunk/src/xercesc/dom/impl/DOMRangeImpl.cpp
xerces/c/trunk/src/xercesc/util/XMLString.cpp
Modified: xerces/c/trunk/src/xercesc/dom/impl/DOMRangeImpl.cpp
URL: http://svn.apache.org/viewvc/xerces/c/trunk/src/xercesc/dom/impl/DOMRangeImpl.cpp?rev=1801099&r1=1801098&r2=1801099&view=diff
==============================================================================
--- xerces/c/trunk/src/xercesc/dom/impl/DOMRangeImpl.cpp (original)
+++ xerces/c/trunk/src/xercesc/dom/impl/DOMRangeImpl.cpp Thu Jul 6 19:37:56 2017
@@ -1282,15 +1282,16 @@ DOMDocumentFragment* DOMRangeImpl::trave
else {
// Copy nodes between the start/end offsets.
DOMNode* n = getSelectedNode( fStartContainer, (int)fStartOffset );
- int cnt = (int)fEndOffset - (int)fStartOffset;
- while( cnt > 0 && n)
- {
- DOMNode* sibling = n->getNextSibling();
- DOMNode* xferNode = traverseFullySelected( n, how );
- if ( frag!=0 )
- frag->appendChild( xferNode );
- --cnt;
- n = sibling;
+ if (fEndOffset > fStartOffset) {
+ XMLSize_t cnt = fEndOffset - fStartOffset;
+ while( cnt > 0 && n) {
+ DOMNode* sibling = n->getNextSibling();
+ DOMNode* xferNode = traverseFullySelected( n, how );
+ if ( frag!=0 )
+ frag->appendChild( xferNode );
+ --cnt;
+ n = sibling;
+ }
}
}
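Review bot: The `(int)fStartOffset` cast passed to `getSelectedNode` on the context line just above the new guard still narrows the offset, so the node the loop starts from and the new `XMLSize_t cnt` can disagree once the offset no longer fits in an int. If `getSelectedNode` can accept an `XMLSize_t` (its signature is not visible in this hunk), dropping the cast would complete the fix; otherwise the offset needs a range check before the call. The enclosing function starts and ends outside the hunk.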
Modified: xerces/c/trunk/src/xercesc/util/XMLString.cpp
URL: http://svn.apache.org/viewvc/xerces/c/trunk/src/xercesc/util/XMLString.cpp?rev=1801099&r1=1801098&r2=1801099&view=diff
==============================================================================
--- xerces/c/trunk/src/xercesc/util/XMLString.cpp (original)
+++ xerces/c/trunk/src/xercesc/util/XMLString.cpp Thu Jul 6 19:37:56 2017
@@ -428,8 +428,9 @@ int XMLString::indexOf( const char* co
const XMLSize_t len = strlen(toSearch);
// Make sure the start index is within the XMLString bounds
- if ((int)fromIndex > ((int)len)-1)
+ if (fromIndex > len-1) {
ThrowXMLwithMemMgr(ArrayIndexOutOfBoundsException, XMLExcepts::Str_StartIndexPastEnd, manager);
+ }
for (XMLSize_t i = fromIndex; i < len; i++)
{
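Review bot: `fromIndex > len-1` wraps when `toSearch` is empty: `len` is `XMLSize_t`, so `len-1` becomes the largest representable value and the check never throws, whereas the old signed comparison threw for every index on an empty string. In this function the forward loop is still bounded by `i < len`, but the same condition in the `lastIndexOf` hunk at `@@ -458,8 +463,9 @@` is followed by `for (int i = (int)fromIndex; i >= 0; i--)`, which presumably indexes `toSearch[i]` (the loop body is outside the hunk) and would then read past the terminator of an empty string. Writing `if (fromIndex >= len) {` in both places avoids the wrap and matches the XMLCh overloads later in this file.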
@@ -442,6 +443,10 @@ int XMLString::indexOf( const char* co
int XMLString::lastIndexOf(const char* const toSearch, const char ch)
{
const int len = (int)strlen(toSearch);
+ if (len < 0) {
+ return -1;
+ }
+
for (int i = len-1; i >= 0; i--)
{
if (toSearch[i] == ch)
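Review bot: The added `if (len < 0)` check only catches lengths whose narrowed value happens to be negative; `(int)strlen(toSearch)` is applied first, so a length that narrows to a non-negative int passes the check and the loop scans the wrong range. Testing the unnarrowed length is more robust, for example `const XMLSize_t rawLen = strlen(toSearch);` followed by `if (rawLen > (XMLSize_t)INT_MAX) return -1;` before the cast. A one-line comment that -1 here also means "too long to index with int" would help, since callers cannot tell it apart from not-found.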
@@ -458,8 +463,9 @@ int XMLString::lastIndexOf( const char
const XMLSize_t len = strlen(toSearch);
// Make sure the start index is within the XMLString bounds
- if ((int)fromIndex > ((int)len)-1)
+ if (fromIndex > len-1) {
ThrowXMLwithMemMgr(ArrayIndexOutOfBoundsException, XMLExcepts::Str_StartIndexPastEnd, manager);
+ }
for (int i = (int)fromIndex; i >= 0; i--)
{
@@ -1278,8 +1284,8 @@ int XMLString::patternMatch( const XMLC
return -1;
const XMLSize_t patnLen = XMLString::stringLen(pattern);
- if ( !patnLen )
- return -1;
+ if ( !patnLen )
+ return -1;
const XMLCh* srcPtr = toSearch;
const XMLCh* patnStart = toSearch;
@@ -1325,8 +1331,9 @@ int XMLString::indexOf( const XMLCh* c
const XMLSize_t len = stringLen(toSearch);
// Make sure the start index is within the XMLString bounds
- if (fromIndex >= len)
+ if (fromIndex >= len) {
ThrowXMLwithMemMgr(ArrayIndexOutOfBoundsException, XMLExcepts::Str_StartIndexPastEnd, manager);
+ }
const XMLCh* srcPtr = toSearch+fromIndex;
while (*srcPtr)
@@ -1352,8 +1359,9 @@ int XMLString::lastIndexOf( const XMLC
, MemoryManager* const manager)
{
const XMLSize_t len = stringLen(toSearch);
- if (fromIndex >= len)
+ if (fromIndex >= len) {
ThrowXMLwithMemMgr(ArrayIndexOutOfBoundsException, XMLExcepts::Str_StartIndexPastEnd, manager);
+ }
const XMLCh* srcPtr = toSearch+fromIndex;
while (srcPtr >= toSearch)