You are viewing a plain text version of this content. The canonical link for it is here.

Posted to c-dev@xerces.apache.org by GitBox <gi...@apache.org> on 2021/12/04 16:47:07 UTC

[GitHub] [xerces-c] rouault opened a new pull request #44: DFAContentModel::buildDFA(): fix memory leaks when OutOfMemoryException occurs

rouault opened a new pull request #44:
URL: https://github.com/apache/xerces-c/pull/44


   
   Fixes GDAL's https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41335


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: c-dev-unsubscribe@xerces.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: c-dev-unsubscribe@xerces.apache.org
For additional commands, e-mail: c-dev-help@xerces.apache.org

[GitHub] [xerces-c] rouault commented on a change in pull request #44: [XERCESC-2233] DFAContentModel::buildDFA(): fix memory leaks when OutOfMemoryException occurs

Posted by GitBox <gi...@apache.org>.

rouault commented on a change in pull request #44:
URL: https://github.com/apache/xerces-c/pull/44#discussion_r762457868



##########
File path: src/xercesc/validators/common/DFAContentModel.cpp
##########
@@ -1191,12 +1203,21 @@ void DFAContentModel::buildDFA(ContentSpecNode* const curNode)
                     //  table.
                     //
                     statesToDo[curState] = newSet;
-                    fTransTable[curState] = makeDefStateList();
-                    stateTable->put
-                    (
-                        newSet
-                        , new (fMemoryManager) XMLInteger(curState)
-                    );
+                    try
+                    {
+                        fTransTable[curState] = makeDefStateList();
+                        stateTable->put
+                        (
+                            newSet
+                            , new (fMemoryManager) XMLInteger(curState)
+                        );
+                    }
+                    catch( const OutOfMemoryException& e )
+                    {
+                        oomException = e;

Review comment:
       > 
   
   possibly. I didn't want to change the code too much. Your suggestion will probably involve moving the cleanup code in a lambda function that will be called at the end of the nominal code path and in the catch() block.




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: c-dev-unsubscribe@xerces.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: c-dev-unsubscribe@xerces.apache.org
For additional commands, e-mail: c-dev-help@xerces.apache.org

[GitHub] [xerces-c] rleigh-codelibre commented on a change in pull request #44: [XERCESC-2233] DFAContentModel::buildDFA(): fix memory leaks when OutOfMemoryException occurs

Posted by GitBox <gi...@apache.org>.

rleigh-codelibre commented on a change in pull request #44:
URL: https://github.com/apache/xerces-c/pull/44#discussion_r762456999



##########
File path: src/xercesc/validators/common/DFAContentModel.cpp
##########
@@ -1191,12 +1203,21 @@ void DFAContentModel::buildDFA(ContentSpecNode* const curNode)
                     //  table.
                     //
                     statesToDo[curState] = newSet;
-                    fTransTable[curState] = makeDefStateList();
-                    stateTable->put
-                    (
-                        newSet
-                        , new (fMemoryManager) XMLInteger(curState)
-                    );
+                    try
+                    {
+                        fTransTable[curState] = makeDefStateList();
+                        stateTable->put
+                        (
+                            newSet
+                            , new (fMemoryManager) XMLInteger(curState)
+                        );
+                    }
+                    catch( const OutOfMemoryException& e )
+                    {
+                        oomException = e;

Review comment:
       How safe is the saving and re-throwing of the exception?  Is there any potential for `OutOfMemoryException& e` to be a reference to a base class?  Could `e` end up being truncated as a result?  A direct `throw` to rethrow the existing exception might be safer overall, and avoid the need for a goto.
   
   Could we achieve the same effect with a higher-level try/catch block within the function, and avoid the saving of the exception and the goto?




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: c-dev-unsubscribe@xerces.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: c-dev-unsubscribe@xerces.apache.org
For additional commands, e-mail: c-dev-help@xerces.apache.org

[GitHub] [xerces-c] rouault commented on pull request #44: [XERCESC-2233] DFAContentModel::buildDFA(): fix memory leaks when OutOfMemoryException occurs

Posted by GitBox <gi...@apache.org>.

rouault commented on pull request #44:
URL: https://github.com/apache/xerces-c/pull/44#issuecomment-986261189


   I've updated the commit with the above strategy I mentioned in https://github.com/apache/xerces-c/pull/44#discussion_r762457868. The diff might be hard to read because of the indentation changes, but the changes themselves are relatively simple and consist in:
   - moving https://github.com/apache/xerces-c/blob/8ac9637b4a54e0b0a52e59b0299aaa974e8fc453/src/xercesc/validators/common/DFAContentModel.cpp#L1006 to https://github.com/apache/xerces-c/blob/8ac9637b4a54e0b0a52e59b0299aaa974e8fc453/src/xercesc/validators/common/DFAContentModel.cpp#L1264 of one indentation level in a try {} block
   - moving https://github.com/apache/xerces-c/blob/8ac9637b4a54e0b0a52e59b0299aaa974e8fc453/src/xercesc/validators/common/DFAContentModel.cpp#L1266 to https://github.com/apache/xerces-c/blob/8ac9637b4a54e0b0a52e59b0299aaa974e8fc453/src/xercesc/validators/common/DFAContentModel.cpp#L1329 in the finalizeProcessingAndCleanup() lambda
   - calling that lambda after the try {} block in the nominal case, and in the catch ( OutOfMemoryException ) block
   - and doing the memory allocations https://github.com/apache/xerces-c/blob/master/src/xercesc/validators/common/DFAContentModel.cpp#L1228 to https://github.com/apache/xerces-c/blob/8ac9637b4a54e0b0a52e59b0299aaa974e8fc453/src/xercesc/validators/common/DFAContentModel.cpp#L1249 in a inner try {} catch (OutOfMemoryException) block, to do specific cleanups of those temporary arrays in case an exception is thrown


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: c-dev-unsubscribe@xerces.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: c-dev-unsubscribe@xerces.apache.org
For additional commands, e-mail: c-dev-help@xerces.apache.org