You are viewing a plain text version of this content. The canonical link for it is here.
Posted to c-dev@xerces.apache.org by bu...@apache.org on 2003/11/13 23:58:08 UTC
DO NOT REPLY [Bug 24693] New: -
DOMNode::getTextContent() corrupts heap
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=24693>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=24693
DOMNode::getTextContent() corrupts heap
Summary: DOMNode::getTextContent() corrupts heap
Product: Xerces-C++
Version: 2.3.0
Platform: PC
OS/Version: Windows NT/2K
Status: NEW
Severity: Major
Priority: Other
Component: DOM
AssignedTo: xerces-c-dev@xml.apache.org
ReportedBy: nkrochik@yahoo.com
The following code (Win32 console app) crashes with attached XML (please don't
change anything in XML to be able to reproduce) if _REPRODUCEBUG defined
In debug mode:
Damage: after Normal block (#1321) at 0x005C73D0
Code
================================================================================
// Bug.cpp : Defines the entry point for the console application.
//
#include <string>
#include <fstream>
#include <xercesc/dom/DOM.hpp>
#include <xercesc/parsers/XercesDOMParser.hpp>
#include <xercesc/framework/MemBufInputSource.hpp>
XERCES_CPP_NAMESPACE_USE
#include <xercesc/util/PlatformUtils.hpp>
using namespace std;
string readFile(const char *fName)
{
char buf[512];
string xml;
std::ifstream stream(fName);
if (stream.good())
while (!stream.eof())
{
stream.read(buf, sizeof buf);
unsigned cnt = stream.gcount();
if (cnt > sizeof buf)
cnt = sizeof buf;
//remove ends of lines
for (char *p = buf; p < buf + cnt; p++)
if (*p != '\n' && *p != '\r' && *p != '\t')
xml.append(1, *p);
}
return xml;
}
#define _REPRODUCEBUG
void parse(const char * xml_)
{
XMLPlatformUtils::Initialize();
XercesDOMParser parser;
MemBufInputSource memBufIS((const XMLByte*)xml_, strlen
(xml_), "BufferId", false);
parser.parse(memBufIS);
DOMDocument *pDoc = parser.getDocument();
DOMElement *pRoot = pDoc->getDocumentElement();
DOMNode *pNode, *pChild;
DOMNodeList *pList;
pList = pRoot->getElementsByTagName (L"Parameters");
pNode = pList->item(0)->getFirstChild();
while (pNode != 0)
{
const XMLCh *name = pNode->getNodeName();
if (XMLString::compareIString(name, L"Object1234567890") == 0)
{
pChild = pNode->getFirstChild();
pList = ((DOMElement *)pChild)->getElementsByTagName
(L"Points");
DOMNode *pNd = pList->item(0)->getFirstChild();
while (pNd != 0)
{
if (XMLString::compareIString(pNd->getNodeName
(), L"Point") == 0)
{
const XMLCh *p;
pChild = pNd->getFirstChild();
while (pChild != 0)
{
const XMLCh *name = pChild-
>getNodeName();
if (XMLString::compareIString
(name, L"CoordX") == 0)
{
#ifdef _REPRODUCEBUG
p = pChild-
>getTextContent();
#else
DOMNode *pN = pChild-
>getFirstChild();
p = ((DOMCharacterData*)
pN)->getData();
#endif
}
else if
(XMLString::compareIString(name, L"CoordY") == 0)
{
#ifdef _REPRODUCEBUG
p = pChild-
>getTextContent();
#else
DOMNode *pN = pChild-
>getFirstChild();
p = ((DOMCharacterData*)
pN)->getData();
#endif
}
pChild = pChild -
>getNextSibling();
}
}
pNd = pNd->getNextSibling();
}
}
pNode = pNode->getNextSibling();
}
}
int main()
{
string xml = readFile("c:\\Bug\\Test.xml");
parse(xml.c_str());
// RequestData reqData;
// reqData.parseRequestXML(xml);
return 0;
}
XML
================================================================================
<ExampleRequest function="GenericExampleRequest">
<Parameters>
<Option1 type="boolean" value="false"/>
<Option2 type="boolean" value="false"/>
<Option3 type="boolean" value="false"/>
<Option4 type="boolean" value="true"/>
<Date1 type="date" value="20031103"/>
<Date2 type="date" value="20031103"/>
<ObjectId type="integer" value="237080"/>
<Object1234567890 type="object">
<Obj>
<Header>
<StringParameter
type="string">SomeString</StringParameter>
</Header>
<Parameters>
<Param1 type="string">abcdefg</Param1>
<Param2 type="integer">4</Param2>
<Param3 type="doubld">0.25</Param3>
</Parameters>
<Points>
<Point>
<CoordX
type="double">0.25</CoordX>
<CoordY
type="double">3.01365883792156E-02</CoordY>
</Point>
<Point>
<CoordX
type="double">0.5</CoordX>
<CoordY
type="double">3.01365883792156E-02</CoordY>
</Point>
<Point>
<CoordX
type="double">0.75</CoordX>
<CoordY
type="double">3.01365883792156E-02</CoordY>
</Point>
<Point>
<CoordX type="double">1</CoordX>
<CoordY
type="double">3.01365883792156E-02</CoordY>
</Point>
<Point>
<CoordX type="double">2</CoordX>
<CoordY
type="double">3.01365883792156E-02</CoordY>
</Point>
<Point>
<CoordX type="double">3</CoordX>
<CoordY
type="double">3.01365883792156E-02</CoordY>
</Point>
<Point>
<CoordX type="double">4</CoordX>
<CoordY
type="double">3.01365883792156E-02</CoordY>
</Point>
<Point>
<CoordX type="double">5</CoordX>
<CoordY
type="double">3.01365883792156E-02</CoordY>
</Point>
<Point>
<CoordX type="double">7</CoordX>
<CoordY
type="double">3.01365883792156E-02</CoordY>
</Point>
<Point>
<CoordX
type="double">10</CoordX>
<CoordY
type="double">3.01365883792156E-02</CoordY>
</Point>
<Point>
<CoordX
type="double">15</CoordX>
<CoordY
type="double">3.01365883792156E-02</CoordY>
</Point>
<Point>
<CoordX
type="double">20</CoordX>
<CoordY
type="double">3.01365883792156E-02</CoordY>
</Point>
<Point>
<CoordX
type="double">30</CoordX>
<CoordY
type="double">3.01365883792156E-02</CoordY>
</Point>
</Points>
</Obj>
</Object1234567890>
<SecondObject type="object">
<SomeType Identity="1747" ProtectionValue="-122400000"
TheVeryFirstDateStringqwertyu="20110314" StringParameter="qwerty"
StringParameter2="official@/curve.swap/ldnclose/eur/mid/libor"
StringParameter3="3B" StringParameter4="NewYork" StringParameter5="Chicago"
StringParameter6="Normal">
<ScheduleData Param1="2" Param2="asdfgh"
Param3="Back" Date1="20010314" Date2="20010914" Date3="20110314"
Value1="Following" Value2="14" OptionA="false" OptionB="true"/>
<AssetData>
<AssetName>
<ScheduleABCDEFG>
<Item Date="20030815"
Value="102000000"/>
<Item Date="20040215"
Value="102000000"/>
<Item Date="20040815"
Value="102000000"/>
<Item Date="20050215"
Value="102000000"/>
<Item Date="20050815"
Value="102000000"/>
<Item Date="20060215"
Value="102000000"/>
<Item Date="20060815"
Value="102000000"/>
<Item Date="20070215"
Value="102000000"/>
<Item Date="20070815"
Value="102000000"/>
<Item Date="20080215"
Value="102000000"/>
<Item Date="20080815"
Value="102000000"/>
<Item Date="20090215"
Value="97882579.4604201"/>
<Item Date="20090815"
Value="49882579.4604201"/>
<Item Date="20100215"
Value="30882579.4604201"/>
<Item Date="20100815"
Value="15882579.4604201"/>
<Item Date="20110215"
Value="0"/>
<Item Date="20110815"
Value="0"/>
<Item Date="20120215"
Value="0"/>
<Item Date="20120815"
Value="0"/>
<Item Date="20130215"
Value="0"/>
<Item Date="20130815"
Value="0"/>
<Item Date="20140215"
Value="0"/>
<Item Date="20140815"
Value="0"/>
<Item Date="20150215"
Value="0"/>
<Item Date="20150815"
Value="0"/>
<Item Date="20160215"
Value="0"/>
<Item Date="20160815"
Value="0"/>
<Item Date="20170215"
Value="0"/>
<Item Date="20170815"
Value="0"/>
<Item Date="20180215"
Value="0"/>
<Item Date="20180815"
Value="0"/>
<Item Date="20190215"
Value="0"/>
<Item Date="20190815"
Value="0"/>
<Item Date="20200215"
Value="0"/>
<Item Date="20200815"
Value="0"/>
<Item Date="20210215"
Value="0"/>
<Item Date="20210815"
Value="0"/>
<Item Date="20220215"
Value="0"/>
<Item Date="20220815"
Value="0"/>
<Item Date="20230215"
Value="0"/>
<Item Date="20230815"
Value="0"/>
<Item Date="20240215"
Value="0"/>
<Item Date="20240815"
Value="0"/>
<Item Date="20250215"
Value="0"/>
<Item Date="20250815"
Value="0"/>
<Item Date="20260215"
Value="0"/>
<Item Date="20260815"
Value="0"/>
<Item Date="20270215"
Value="0"/>
<Item Date="20270815"
Value="0"/>
<Item Date="20280215"
Value="0"/>
<Item Date="20280815"
Value="0"/>
<Item Date="20290215"
Value="0"/>
<Item Date="20290815"
Value="0"/>
</ScheduleABCDEFG>
<Schedule1234567688>
<Item Date="20010201"
Value="1"/>
</Schedule1234567688>
</AssetName>
</AssetData>
<AdditionalData DoubleValue="3.141592"/>
</SomeType>
</SecondObject>
<ThirdObjectId type="integer" value="237080"/>
<ThirdObjectABCDEFG type="object">
<Obj>
<Header>
<StringParameter
type="string">SomeString</StringParameter>
</Header>
<Parameters>
<Param1 type="string">abcdefg</Param1>
<Param2 type="integer">4</Param2>
<Param3 type="doubld">0.25</Param3>
</Parameters>
<Points>
<Point>
<CoordX
type="double">0.25</CoordX>
<CoordY
type="double">3.01365883792156E-02</CoordY>
</Point>
<Point>
<CoordX
type="double">0.5</CoordX>
<CoordY
type="double">3.01365883792156E-02</CoordY>
</Point>
<Point>
<CoordX
type="double">0.75</CoordX>
<CoordY
type="double">3.01365883792156E-02</CoordY>
</Point>
<Point>
<CoordX type="double">1</CoordX>
<CoordY
type="double">3.01365883792156E-02</CoordY>
</Point>
<Point>
<CoordX type="double">2</CoordX>
<CoordY
type="double">3.01365883792156E-02</CoordY>
</Point>
<Point>
<CoordX type="double">3</CoordX>
<CoordY
type="double">3.01365883792156E-02</CoordY>
</Point>
<Point>
<CoordX type="double">4</CoordX>
<CoordY
type="double">3.01365883792156E-02</CoordY>
</Point>
<Point>
<CoordX type="double">5</CoordX>
<CoordY
type="double">3.01365883792156E-02</CoordY>
</Point>
<Point>
<CoordX type="double">7</CoordX>
<CoordY
type="double">3.01365883792156E-02</CoordY>
</Point>
<Point>
<CoordX
type="double">10</CoordX>
<CoordY
type="double">3.01365883792156E-02</CoordY>
</Point>
<Point>
<CoordX
type="double">15</CoordX>
<CoordY
type="double">3.01365883792156E-02</CoordY>
</Point>
<Point>
<CoordX
type="double">20</CoordX>
<CoordY
type="double">3.01365883792156E-02</CoordY>
</Point>
<Point>
<CoordX
type="double">30</CoordX>
<CoordY
type="double">3.01365883792156E-02</CoordY>
</Point>
</Points>
</Obj>
</ThirdObjectABCDEFG>
</Parameters>
</ExampleRequest>
---------------------------------------------------------------------
To unsubscribe, e-mail: xerces-c-dev-unsubscribe@xml.apache.org
For additional commands, e-mail: xerces-c-dev-help@xml.apache.org