You are viewing a plain text version of this content. The canonical link for it is here.

Posted to c-dev@xerces.apache.org by xe...@xml.apache.org on 2004/10/12 18:07:51 UTC

[jira] Resolved: (XERCESC-1251) makeContentModel in ComplexTypeInfo could crash Xerces when creating a MixedContentModel

Message:

   The following issue has been resolved as FIXED.

   Resolver: cargilld
       Date: Tue, 12 Oct 2004 9:06 AM

Updating resolution to fixed, as Khaled checked in a change a while ago.
---------------------------------------------------------------------
View the issue:
  http://issues.apache.org/jira/browse/XERCESC-1251

Here is an overview of the issue:
---------------------------------------------------------------------
        Key: XERCESC-1251
    Summary: makeContentModel in ComplexTypeInfo could crash Xerces when creating a MixedContentModel
       Type: Bug

     Status: Resolved
   Priority: Critical
 Resolution: FIXED

    Project: Xerces-C++
 Components: 
             Validating Parser (Schema) (Xerces 1.5 or up only)
   Versions:
             2.5.0

   Assignee: 
   Reporter: Andrew Fang

    Created: Tue, 10 Aug 2004 8:14 AM
    Updated: Tue, 12 Oct 2004 9:06 AM
Environment: Windows Xp Sp1

Description:
In makeContentModel method in complextypeinfo.cpp, the following code could crash Xerces:

        aSpecNode = new (fMemoryManager) ContentSpecNode(*fContentSpec);
        aSpecNode = convertContentSpecTree(aSpecNode, checkUPA);
        retModel = buildContentModel(aSpecNode);
        delete aSpecNode;

In the case when buildContentModel creates a MixedContentModel model, the statement "delete aSpecNode" freed fChildren in MixedContentModel. Later access to fChildren could crash Xerces.

We ran into some crashes due to this bug. One possible fix is to create a QName in the class MixedContentModel:

line 212

    for (unsigned int index = 0; index < fCount; index++) {
        fChildren[index] = new QName(*children.elementAt(index));
        fChildTypes[index] = childTypes.elementAt(index);
    }


---------------------------------------------------------------------
JIRA INFORMATION:
This message is automatically generated by JIRA.

If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa

If you want more information on JIRA, or have a bug to report see:
   http://www.atlassian.com/software/jira


---------------------------------------------------------------------
To unsubscribe, e-mail: xerces-c-dev-unsubscribe@xml.apache.org
For additional commands, e-mail: xerces-c-dev-help@xml.apache.org