Posted to commits@xerces.apache.org by sc...@apache.org on 2016/06/10 01:38:35 UTC
svn commit: r1747619 - in
/xerces/c/branches/xerces-3.1/src/xercesc/validators/DTD: DTDScanner.cpp
DTDScanner.hpp
Author: scantor
Date: Fri Jun 10 01:38:34 2016
New Revision: 1747619
URL: http://svn.apache.org/viewvc?rev=1747619&view=rev
Log:
https://issues.apache.org/jira/browse/XERCESC-2066
https://issues.apache.org/jira/browse/XERCESC-2069
Modified:
xerces/c/branches/xerces-3.1/src/xercesc/validators/DTD/DTDScanner.cpp
xerces/c/branches/xerces-3.1/src/xercesc/validators/DTD/DTDScanner.hpp
Modified: xerces/c/branches/xerces-3.1/src/xercesc/validators/DTD/DTDScanner.cpp
URL: http://svn.apache.org/viewvc/xerces/c/branches/xerces-3.1/src/xercesc/validators/DTD/DTDScanner.cpp?rev=1747619&r1=1747618&r2=1747619&view=diff
==============================================================================
--- xerces/c/branches/xerces-3.1/src/xercesc/validators/DTD/DTDScanner.cpp (original)
+++ xerces/c/branches/xerces-3.1/src/xercesc/validators/DTD/DTDScanner.cpp Fri Jun 10 01:38:34 2016
@@ -44,6 +44,8 @@
XERCES_CPP_NAMESPACE_BEGIN
+#define CONTENTSPEC_DEPTH_LIMIT 1000
+
// ---------------------------------------------------------------------------
// Local methods
// ---------------------------------------------------------------------------
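Review bot: The new `CONTENTSPEC_DEPTH_LIMIT` macro has no comment saying what it bounds or why 1000 was chosen. A `#define` also ignores the namespace opened on the line above it, so a typed constant would be tidier: `static const unsigned int CONTENTSPEC_DEPTH_LIMIT = 1000;`. Judging by its use in scanChildren, a fitting comment would be `// Maximum nesting of content-spec groups scanChildren() will follow; bounds recursion on untrusted DTD input.`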
@@ -1038,8 +1040,13 @@ bool DTDScanner::scanCharRef(XMLCh& firs
ContentSpecNode*
-DTDScanner::scanChildren(const DTDElementDecl& elemDecl, XMLBuffer& bufToUse)
+DTDScanner::scanChildren(const DTDElementDecl& elemDecl, XMLBuffer& bufToUse, unsigned int& depth)
{
+ if (depth++ > CONTENTSPEC_DEPTH_LIMIT) {
+ fScanner->emitError(XMLErrs::UnterminatedDOCTYPE);
+ return 0;
+ }
+
// Check for a PE ref here, but don't require spaces
checkForPERef(false, true);
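Review bot: `depth` is taken by reference and is only ever incremented in the visible hunks. Unless the part of scanChildren outside this hunk decrements it on return, the check counts every nested call made for one content spec rather than the current nesting level. A shallow model with more than the limit of parenthesised sub-groups would then be rejected even though its recursion depth is small. Passing the counter by value keeps it a true depth: declare `unsigned int depth` here and in DTDScanner.hpp, test `if (depth > CONTENTSPEC_DEPTH_LIMIT)`, and recurse with `subNode = scanChildren(elemDecl, bufToUse, depth + 1);` in the later hunk. Separately, `XMLErrs::UnterminatedDOCTYPE` does not tell the user that a nesting limit was hit, so a dedicated message would make the rejection easier to diagnose.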
@@ -1240,7 +1247,7 @@ DTDScanner::scanChildren(const DTDElemen
// Recurse to handle this new guy
ContentSpecNode* subNode;
try {
- subNode = scanChildren(elemDecl, bufToUse);
+ subNode = scanChildren(elemDecl, bufToUse, depth);
}
catch (const XMLErrs::Codes)
{
@@ -1577,7 +1584,8 @@ bool DTDScanner::scanContentSpec(DTDElem
//
toFill.setModelType(DTDElementDecl::Children);
XMLBufBid bbTmp(fBufMgr);
- ContentSpecNode* resNode = scanChildren(toFill, bbTmp.getBuffer());
+ unsigned int depth = 0;
+ ContentSpecNode* resNode = scanChildren(toFill, bbTmp.getBuffer(), depth);
status = (resNode != 0);
if (status)
toFill.setContentSpec(resNode);
@@ -2509,7 +2517,15 @@ void DTDScanner::scanExtSubsetDecl(const
{
while (true)
{
- const XMLCh nextCh = fReaderMgr->peekNextChar();
+ XMLCh nextCh;
+
+ try {
+ nextCh = fReaderMgr->peekNextChar();
+ }
+ catch (XMLException& ex) {
+ fScanner->emitError(XMLErrs::XMLException_Fatal, ex.getCode(), ex.getMessage(), NULL, NULL);
+ nextCh = chNull;
+ }
if (!nextCh)
{
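Review bot: The handler catches `XMLException& ex` by non-const reference although it only reads from it; `catch (const XMLException& ex)` is the conventional form. Setting `nextCh = chNull` sends a reader failure down the same `if (!nextCh)` path as a normal end of input, and the body of that branch lies outside this hunk. That deserves a comment such as `// Reader failed: report it, then take the end-of-input path so the loop stops.` It is worth confirming that the branch always leaves the `while (true)` loop, since otherwise a reader that keeps throwing would report the same error repeatedly.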
Modified: xerces/c/branches/xerces-3.1/src/xercesc/validators/DTD/DTDScanner.hpp
URL: http://svn.apache.org/viewvc/xerces/c/branches/xerces-3.1/src/xercesc/validators/DTD/DTDScanner.hpp?rev=1747619&r1=1747618&r2=1747619&view=diff
==============================================================================
--- xerces/c/branches/xerces-3.1/src/xercesc/validators/DTD/DTDScanner.hpp (original)
+++ xerces/c/branches/xerces-3.1/src/xercesc/validators/DTD/DTDScanner.hpp Fri Jun 10 01:38:34 2016
@@ -143,6 +143,7 @@ private:
(
const DTDElementDecl& elemDecl
, XMLBuffer& bufToUse
+ , unsigned int& depth
);
bool scanCharRef(XMLCh& toFill, XMLCh& second);
void scanComment();