Posted to c-dev@xerces.apache.org by bu...@apache.org on 2001/10/08 10:36:35 UTC

DO NOT REPLY [Bug 4019] New: - XMLReader::getNextChar can over read (UTF-16)

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=4019

XMLReader::getNextChar can over read (UTF-16)

           Summary: XMLReader::getNextChar can over read (UTF-16)
           Product: Xerces-C++
           Version: 1.5.1
          Platform: All
        OS/Version: Windows NT/2K
            Status: NEW
          Severity: Major
          Priority: Other
         Component: Non-Validating Parser
        AssignedTo: xerces-c-dev@xml.apache.org
        ReportedBy: phil@amaran.demon.co.uk


This code in XMLReader::getNextChar -

        // If the buffer is empty, then try to refresh
        if (fCharIndex == fCharsAvail)
        {
            if (!refreshCharBuffer())
            {
                // If still empty, then return false
                if (fCharIndex == fCharsAvail)
                    return false;
            }
        }

- can fail.  The first call to refreshCharBuffer will lead to another call to 
getNextChar in order to skip over the BOM for UTF-16.  If the only character in 
the stream at the time of the call happens to be the BOM, then fCharIndex will 
equal fCharsAvail (they will both be one), but since this isn't checked, the 
next call into getNextChar will cause fCharIndex to become greater than 
fCharsAvail.  The effect of this is that getNextChar continues to return true 
even when the stream has been exhausted (and an exception is raised).

The above code should read -

        // If the buffer is empty, then try to refresh
        if (fCharIndex == fCharsAvail)
        {
            refreshCharBuffer();

            // If still empty, then return false
            if (fCharIndex == fCharsAvail)
                return false;
        }

- i.e. don't check the return from refreshCharBuffer - instead rely on the index 
still being the same as the chars available.

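The following is an added example, not part of the original report and not Xerces-C++ source: a simplified model of the reader state described above, showing the reported check and the proposed check side by side on a stream that holds only a BOM. Only `getNextChar`, `refreshCharBuffer`, `fCharIndex` and `fCharsAvail` come from the report; `ModelReader`, `countChars`, `overReads`, `patched`, `srcPos`, `firstRefresh` and the four-unit buffer are assumptions made for the model.

```cpp
#include <cstddef>
#include <string>
#include <utility>

// Simplified model of the reader state named in the report; not Xerces-C++ source.
struct ModelReader {
    std::u16string src;            // constructed input, already split into UTF-16 units
    bool patched;                  // false: check as reported, true: proposed check
    char16_t fCharBuf[4] = {};     // buffer size is an assumption of the model
    std::size_t fCharIndex = 0, fCharsAvail = 0, srcPos = 0, overReads = 0;
    bool firstRefresh = true;

    ModelReader(std::u16string s, bool p) : src(std::move(s)), patched(p) {}

    // Refill the buffer; on the first refill, skip a leading BOM via getNextChar.
    bool refreshCharBuffer() {
        fCharIndex = fCharsAvail = 0;
        while (fCharsAvail < 4 && srcPos < src.size())
            fCharBuf[fCharsAvail++] = src[srcPos++];
        if (firstRefresh) {
            firstRefresh = false;
            char16_t bom;
            if (fCharsAvail > 0 && fCharBuf[0] == 0xFEFF) getNextChar(bom);
        }
        return fCharsAvail != 0;   // true even when the BOM was the only unit
    }

    bool getNextChar(char16_t& ch) {
        if (fCharIndex == fCharsAvail) {
            bool refreshed = refreshCharBuffer();
            // Reported code gives up only when the refresh also returned false;
            // the proposed code looks at the indices alone.
            if (fCharIndex == fCharsAvail && (patched || !refreshed)) return false;
        }
        if (fCharIndex >= fCharsAvail) {    // the model counts the over-read
            ++overReads; ++fCharIndex; ch = 0;  // instead of touching memory
            return true;
        }
        ch = fCharBuf[fCharIndex++];
        return true;
    }
};

// Number of successful getNextChar calls, stopping after `limit` calls.
std::size_t countChars(ModelReader& r, std::size_t limit) {
    std::size_t n = 0;
    char16_t ch;
    while (n < limit && r.getNextChar(ch)) ++n;
    return n;
}
```

With the reported check, a BOM-only input never yields `false` within the call limit and every returned unit is an over-read; with the proposed check the first call returns `false`.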