You are viewing a plain text version of this content. The canonical link for it is here.

Posted to c-dev@xerces.apache.org by rl...@apache.org on 2022/03/13 07:48:11 UTC

[xerces-c] branch master updated: DFAContentModel::buildDFA(): correctly zero-initialize fFollowList

This is an automated email from the ASF dual-hosted git repository.

rleigh pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/xerces-c.git


The following commit(s) were added to refs/heads/master by this push:
     new ef2e9b4  DFAContentModel::buildDFA(): correctly zero-initialize fFollowList
     new 045bdf8  Merge pull request #45 from rouault/fix_wrong_init
ef2e9b4 is described below

commit ef2e9b4b94bef326ff03a9f3e12145317424ce0a
Author: Even Rouault <ev...@spatialys.com>
AuthorDate: Mon Dec 20 20:13:02 2021 +0100

    DFAContentModel::buildDFA(): correctly zero-initialize fFollowList
    
    Due to a copy&paste issue, the intended zero-initialization of
    fFollowList wasn't done (copy&paste issue), and thus in case of
    OutOfMemory exception when initializing the array, the memory freeing in
    cleanup() could access uninitialized elements.
    
    Follow-up of https://github.com/apache/xerces-c/pull/40 / a65990d79d3fc333d7481f010da4e165a88b6cb3
    
    Fixes GDAL's https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=42636
---
 src/xercesc/validators/common/DFAContentModel.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/xercesc/validators/common/DFAContentModel.cpp b/src/xercesc/validators/common/DFAContentModel.cpp
index 6d6b124..856f88f 100644
--- a/src/xercesc/validators/common/DFAContentModel.cpp
+++ b/src/xercesc/validators/common/DFAContentModel.cpp
@@ -682,7 +682,7 @@ void DFAContentModel::buildDFA(ContentSpecNode* const curNode)
     (
         fLeafCount * sizeof(CMStateSet*)
     ); //new CMStateSet*[fLeafCount];
-    memset(fLeafList, 0, fLeafCount*sizeof(CMStateSet*));
+    memset(fFollowList, 0, fLeafCount*sizeof(CMStateSet*));
     for (index = 0; index < fLeafCount; index++)
         fFollowList[index] = new (fMemoryManager) CMStateSet(fLeafCount, fMemoryManager);
 

---------------------------------------------------------------------
To unsubscribe, e-mail: c-dev-unsubscribe@xerces.apache.org
For additional commands, e-mail: c-dev-help@xerces.apache.org