Posted to c-dev@xerces.apache.org by "Scott Cantor (JIRA)" <xe...@xml.apache.org> on 2017/06/29 02:03:00 UTC

[jira] [Updated] (XERCESC-2088) Bad casting from DOMTextImpl to DOMElementImpl

     [ https://issues.apache.org/jira/browse/XERCESC-2088?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Scott Cantor updated XERCESC-2088:
----------------------------------
    Attachment: casting.patch

I've come up with a large patch to the DOM that is pretty invasive. Three new interface classes are added to the impl/ code that expose the DOMNodeImpl, DOMParentNode, and DOMChildNode member objects, and the constructors for DOMNodeImpl and DOMParentNode are now maintaining backpointers to the containing DOMXXXImpl class so that the offset-based casts are now dynamic casts against a tracked pointer.

Some quick tests with DOMCount/DOMPrint against some quite large XML files are running successfully. I have a lot of performance testing to do but will probably check in the patch ahead of finishing it so I can get testing done more easily on different systems.

If the dynamic casts ever fail, which they should not, I've raised DOMExceptions to try and prevent any uncontrolled failures, but anything like that would mean the DOM was just broken by the patch.

If we don't want to do this, then the alternative is to live with the casts. I don't think there's a correct alternative to this without a total rewrite.

> Bad casting from DOMTextImpl to DOMElementImpl
> ----------------------------------------------
>
>                 Key: XERCESC-2088
>                 URL: https://issues.apache.org/jira/browse/XERCESC-2088
>             Project: Xerces-C++
>          Issue Type: Bug
>          Components: DOM
>    Affects Versions: 3.1.1, 3.1.2, 3.1.3, 3.1.4
>         Environment: ubuntu 16.04 LTS, Intel(R) Core(TM) i7-6700 CPU @ 3.40GHz, 16GB
>            Reporter: Yuseok Jeon
>            Assignee: Scott Cantor
>             Fix For: 3.2.0
>
>         Attachments: Actual_result.txt, casting.patch, relationship_tree.jpeg
>
>
> Hi all, 
> Our recently developed type confusion detection tool reports a type_confusion error in the "xercesc/dom/imple/DOMCasts.hpp" 
> xercesc/dom/imple/DOMCasts.hpp, line 146
> static inline DOMNodeImpl *castToNodeImpl(const DOMNode *p)
> {
>     DOMElementImpl *pE = (DOMElementImpl *)p;
>     return &(pE->fNode);
> }
> p is pointing to the object allocated as DOMTextImpl, and it is cast to DOMElementImpl. However, since DOMElementImpl is not a subobject of DOMTextImpl, it is violating C++ standard rules 5.2.9/11 (down casting is undefined if the object that the pointer to be cast points to is not a subobject of the down casting type) and causes undefined behavior.
> There are similar type-confusion cases at the links below.
>  - (libstdc++) https://gcc.gnu.org/bugzilla/show_bug.cgi?id=60734
>  - (Firefox) https://bugzilla.mozilla.org/show_bug.cgi?id=1074280
> I attached an actual type confusion report and object relationship information.



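The design described in the update above (an interface exposing the member object, a backpointer kept by the member, dynamic casts that raise on failure), as an added sketch that is not part of the original message and is not the Xerces-C++ patch. Every name except castToNodeImpl and fNode is a hypothetical stand-in, the two classes are deliberately given different layouts, and std::logic_error stands in for the DOMException the message mentions.

```cpp
#include <cstddef>
#include <stdexcept>
// Simplified, hypothetical stand-ins; not the Xerces-C++ class definitions.
struct Node { virtual ~Node() = default; };          // role of DOMNode
struct NodeImpl {                                    // role of DOMNodeImpl
    Node* owner;                                     // tracked backpointer
    explicit NodeImpl(Node* o) : owner(o) {}
};
struct HasNodeImpl {                                 // interface exposing the member
    virtual NodeImpl* nodeImpl() = 0;
    virtual ~HasNodeImpl() = default;
};
struct ElementImpl : Node, HasNodeImpl {             // role of DOMElementImpl
    void* extra[2] = {nullptr, nullptr};             // state laid out before fNode
    NodeImpl fNode{this};
    NodeImpl* nodeImpl() override { return &fNode; }
};
struct TextImpl : Node, HasNodeImpl {                // role of DOMTextImpl
    NodeImpl fNode{this};
    NodeImpl* nodeImpl() override { return &fNode; }
};
// Distance from the Node subobject to fNode: the quantity an offset-based
// cast through the wrong class assumes is identical for every class.
template <class T> std::ptrdiff_t fNodeOffset() {
    T obj;
    return reinterpret_cast<char*>(&obj.fNode) -
           reinterpret_cast<char*>(static_cast<Node*>(&obj));
}
// Checked cast: ask the object for its member instead of assuming a layout.
NodeImpl* castToNodeImpl(Node* p) {
    auto* h = dynamic_cast<HasNodeImpl*>(p);
    if (!h) throw std::logic_error("no NodeImpl");   // stand-in for DOMException
    return h->nodeImpl();
}
// Reverse direction: dynamic_cast against the tracked backpointer.
template <class T> T* castToContainer(NodeImpl* n) {
    T* t = dynamic_cast<T*>(n->owner);
    if (!t) throw std::logic_error("wrong container type");
    return t;
}
bool textFindsOwnMember() { TextImpl t; return castToNodeImpl(&t) == &t.fNode; }
bool roundTrip() { ElementImpl e; return castToContainer<ElementImpl>(castToNodeImpl(&e)) == &e; }
bool textIsNotAnElement() {                          // the confusion from the report
    TextImpl t;
    try { castToContainer<ElementImpl>(castToNodeImpl(&t)); }
    catch (const std::logic_error&) { return true; }
    return false;
}
int main() { return (textFindsOwnMember() && roundTrip() && textIsNotAnElement()) ? 0 : 1; }
```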