Posted to c-dev@xerces.apache.org by "Scott Cantor (JIRA)" <xe...@xml.apache.org> on 2017/05/01 19:31:04 UTC

[jira] [Comment Edited] (XERCESC-2088) Bad casting from DOMTextImpl to DOMElementImpl

    [ https://issues.apache.org/jira/browse/XERCESC-2088?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15991359#comment-15991359 ] 

Scott Cantor edited comment on XERCESC-2088 at 5/1/17 7:30 PM:
---------------------------------------------------------------

Neither is safe. You're depending on the compiler's object layout behavior and while that was never "right", it is (to my understanding) now explicitly called out in the standard as unspecified behavior.

We're basically not on fire but we have to fix it, and we can't depend on the position of the member in the class.

(Also, to be clear, the compiler accepts a C-style cast. It compiles as it always has, and is silently wrong.)


was (Author: cantor.2@osu.edu):
Neither is safe. You're depending on the compiler's object layout behavior and while that was never "right", it is (to my understanding) now explicitly called out in the standard as unspecified behavior.

We're basically not on fire but we have to fix it, and we can't depend on the position of the member in the class.

> Bad casting from DOMTextImpl to DOMElementImpl
> ----------------------------------------------
>
>                 Key: XERCESC-2088
>                 URL: https://issues.apache.org/jira/browse/XERCESC-2088
>             Project: Xerces-C++
>          Issue Type: Bug
>          Components: DOM
>    Affects Versions: 3.1.1, 3.1.2, 3.1.3, 3.1.4
>         Environment: ubuntu 16.04 LTS, Intel(R) Core(TM) i7-6700 CPU @ 3.40GHz, 16GB
>            Reporter: Yuseok Jeon
>         Attachments: Actual_result.txt, relationship_tree.jpeg
>
>
> Hi all, 
> Our recently developed type confusion detection tool reports a type_confusion error in the "xercesc/dom/imple/DOMCasts.hpp" 
> xercesc/dom/imple/DOMCasts.hpp, line 146
> static inline DOMNodeImpl *castToNodeImpl(const DOMNode *p)
> {
>     DOMElementImpl *pE = (DOMElementImpl *)p;
>     return &(pE->fNode);
> }
> p is pointing to the object allocated as DOMTextImpl, and it is cast into DOMElementImpl. However, since DOMElementImpl is not a subobject of DOMTextImpl, it is violating C++ standard rules 5.2.9/11 (down casting is undefined if the object that the pointer to be cast points to is not a subobject of the down casting type) and causes undefined behaviors.
> There are similar type-confusion cases as below links. 
>  - (libstdc++) https://gcc.gnu.org/bugzilla/show_bug.cgi?id=60734
>  - (Firefox) https://bugzilla.mozilla.org/show_bug.cgi?id=1074280
> I attached an actual type confusion report and object relationship information. 
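The following is an added illustration of the bug class discussed in this thread; it is constructed example code, not the Xerces-C++ sources, and the class names, members and layouts are toy stand-ins chosen so that fNode lands at a different offset in the two concrete node classes. It reproduces the layout-dependent C-style cast from the report next to a layout-independent alternative that first asks the node what it is and only then casts to the concrete class it actually belongs to (this is the approach the example adopts, not a claim about the project's eventual fix).

```cpp
// Constructed example: a toy model of the castToNodeImpl pattern reported in
// XERCESC-2088. Not Xerces-C++ code; class names and member layouts are made up.
#include <cstddef>
#include <cstdio>

struct DOMNodeImpl {            // shared per-node bookkeeping, embedded by value
    int fNodeType;
    const char *fNodeName;
};

enum NodeType { ELEMENT_NODE = 1, TEXT_NODE = 3 };   // DOM node type numbering

class DOMNode {                 // abstract interface, as in the public DOM API
public:
    virtual ~DOMNode() {}
    virtual short getNodeType() const = 0;
};

class DOMElementImpl : public DOMNode {
public:
    DOMNodeImpl fNode;          // first member after the vptr
    const char *fTagName;
    explicit DOMElementImpl(const char *tag) : fTagName(tag) {
        fNode.fNodeType = ELEMENT_NODE;
        fNode.fNodeName = tag;
    }
    short getNodeType() const override { return ELEMENT_NODE; }
};

class DOMTextImpl : public DOMNode {
public:
    const char *fData;          // members that precede fNode in this class...
    std::size_t fLength;
    DOMNodeImpl fNode;          // ...so fNode sits at a different offset here
    explicit DOMTextImpl(const char *text) : fData(text), fLength(0) {
        fNode.fNodeType = TEXT_NODE;
        fNode.fNodeName = "#text";
    }
    short getNodeType() const override { return TEXT_NODE; }
};

// The pattern from the report: a C-style cast that silently assumes every
// concrete node shares DOMElementImpl's layout. It compiles without a warning
// and is only correct for nodes that really are DOMElementImpl.
static inline DOMNodeImpl *castToNodeImplUnsafe(DOMNode *p) {
    DOMElementImpl *pE = (DOMElementImpl *)p;
    return &(pE->fNode);
}

// Layout-independent alternative: dispatch on the node's own type tag and
// cast to the class the object actually is before touching fNode.
static inline DOMNodeImpl *castToNodeImplSafe(DOMNode *p) {
    switch (p->getNodeType()) {
    case ELEMENT_NODE: return &static_cast<DOMElementImpl *>(p)->fNode;
    case TEXT_NODE:    return &static_cast<DOMTextImpl *>(p)->fNode;
    default:           return nullptr;   // unknown type: refuse rather than guess
    }
}

// Byte offset of a node's real fNode from the start of the object, for display.
static long fNodeOffset(const void *object, const DOMNodeImpl *node) {
    return static_cast<long>(static_cast<const char *>(static_cast<const void *>(node)) -
                             static_cast<const char *>(object));
}

int main() {
    DOMElementImpl element("p");
    DOMTextImpl text("hello");

    std::printf("fNode offset in DOMElementImpl: %ld bytes\n",
                fNodeOffset(&element, &element.fNode));
    std::printf("fNode offset in DOMTextImpl:    %ld bytes\n",
                fNodeOffset(&text, &text.fNode));

    // For the element both casts agree; for the text node the unsafe cast
    // points into fData/fLength instead of fNode.
    std::printf("unsafe cast correct for element: %s\n",
                castToNodeImplUnsafe(&element) == &element.fNode ? "yes" : "no");
    std::printf("unsafe cast correct for text:    %s\n",
                castToNodeImplUnsafe(&text) == &text.fNode ? "yes" : "no");
    std::printf("safe cast correct for text:      %s\n",
                castToNodeImplSafe(&text) == &text.fNode ? "yes" : "no");
    return 0;
}
```

The example only compares the addresses the two casts produce and never reads through the misdirected pointer, since that read is exactly the undefined behaviour the report describes; a sanitizer build (for instance UBSan's vptr check) is the practical way to catch the real thing in a code base.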


