You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@xalan.apache.org by "Bob Bisso (JIRA)" <xa...@xml.apache.org> on 2004/11/01 15:56:32 UTC
[jira] Created: (XALANC-438) Memory corruption when the encoding of the output of the transform is set to UTF-16
Memory corruption when the encoding of the output of the transform is set to UTF-16
------------------------------------------------------------------------------------
Key: XALANC-438
URL: http://nagoya.apache.org/jira/browse/XALANC-438
Project: XalanC
Type: Bug
Components: XalanC
Versions: 1.6, 1.8
Environment: Windows
Reporter: Bob Bisso
Memory corruption occurs when a large buffer, greater than 512 bytes
Memory corruption occurs when the encoding of the output of a transform is set to UTF-16 (either programmatically or by inserting "<xsl:output encoding='UTF-16' />" in the style sheet). The function FormatterToXML_UTF16::write() in the file FormatterToXML_UTF16.cpp (in "src\xalanc\XMLSupport" folder) is used in serializing the transformed output in UTF-16 encoding. It uses a buffer of 512 characters long to store the output before writing it to the output device. At the top of the function, it attempts to check if the length of the data (in double byte characters) it is asked to write to the output device is bigger than the size of the buffer (in bytes). So the code to handle this is not executed due to this problem, and the code merrily goes along to write the data into the buffer, hence corrupting memory. There is a second problem, and that is in the code that actually handles the case where the length of the data exceeded the buffer size, it flushes the buffer, and then use the wrong overloaded write() function to write the data to the output device.
Proposed fix, for FormatterToXML_UTF16::write() in the file FormatterToXML_UTF16.cpp, is as follows:
inline void
FormatterToXML_UTF16::write(
const XalanDOMChar* theChars,
XalanDOMString::size_type theLength)
{
if (theLength > sizeof(m_buffer)/sizeof(XalanDOMChar))
{
flushBuffer();
m_writer->write((const char*)theChars, 0, theLength * sizeof(XalanDOMChar));
}
else
{
if (m_bufferRemaining < theLength)
{
flushBuffer();
}
for(XalanDOMString::size_type i = 0; i < theLength; ++i)
{
*m_bufferPosition = theChars[i];
++m_bufferPosition;
}
m_bufferRemaining -= theLength;
}
}
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://nagoya.apache.org/jira/secure/Administrators.jspa
-
If you want more information on JIRA, or have a bug to report see:
http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: xalan-dev-unsubscribe@xml.apache.org
For additional commands, e-mail: xalan-dev-help@xml.apache.org
[jira] Commented: (XALANC-438) Memory corruption when the encoding of the output of the transform is set to UTF-16
Posted by "June Ng (JIRA)" <xa...@xml.apache.org>.
[ http://nagoya.apache.org/jira/browse/XALANC-438?page=comments#action_54883 ]
June Ng commented on XALANC-438:
--------------------------------
Could you attach a test case (.xsl and .xml file) to reproduce this problem? Thanks!
> Memory corruption when the encoding of the output of the transform is set to UTF-16
> -----------------------------------------------------------------------------------
>
> Key: XALANC-438
> URL: http://nagoya.apache.org/jira/browse/XALANC-438
> Project: XalanC
> Type: Bug
> Components: XalanC
> Versions: 1.6, 1.8
> Environment: Windows
> Reporter: Bob Bisso
>
> Memory corruption occurs when a large buffer, greater than 512 bytes
> Memory corruption occurs when the encoding of the output of a transform is set to UTF-16 (either programmatically or by inserting "<xsl:output encoding='UTF-16' />" in the style sheet). The function FormatterToXML_UTF16::write() in the file FormatterToXML_UTF16.cpp (in "src\xalanc\XMLSupport" folder) is used in serializing the transformed output in UTF-16 encoding. It uses a buffer of 512 characters long to store the output before writing it to the output device. At the top of the function, it attempts to check if the length of the data (in double byte characters) it is asked to write to the output device is bigger than the size of the buffer (in bytes). So the code to handle this is not executed due to this problem, and the code merrily goes along to write the data into the buffer, hence corrupting memory. There is a second problem, and that is in the code that actually handles the case where the length of the data exceeded the buffer size, it flushes the buffer, and then use the wrong overloaded write() function to write the data to the output device.
> Proposed fix, for FormatterToXML_UTF16::write() in the file FormatterToXML_UTF16.cpp, is as follows:
> inline void
> FormatterToXML_UTF16::write(
> const XalanDOMChar* theChars,
> XalanDOMString::size_type theLength)
> {
> if (theLength > sizeof(m_buffer)/sizeof(XalanDOMChar))
> {
> flushBuffer();
> m_writer->write((const char*)theChars, 0, theLength * sizeof(XalanDOMChar));
> }
> else
> {
> if (m_bufferRemaining < theLength)
> {
> flushBuffer();
> }
> for(XalanDOMString::size_type i = 0; i < theLength; ++i)
> {
> *m_bufferPosition = theChars[i];
> ++m_bufferPosition;
> }
> m_bufferRemaining -= theLength;
> }
> }
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://nagoya.apache.org/jira/secure/Administrators.jspa
-
If you want more information on JIRA, or have a bug to report see:
http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: xalan-dev-unsubscribe@xml.apache.org
For additional commands, e-mail: xalan-dev-help@xml.apache.org
[jira] Resolved: (XALANC-438) Memory corruption when the encoding of the output of the transform is set to UTF-16
Posted by "David Bertoni (JIRA)" <xa...@xml.apache.org>.
[ http://nagoya.apache.org/jira/browse/XALANC-438?page=history ]
David Bertoni resolved XALANC-438:
----------------------------------
Resolution: Fixed
Fix Version: CurrentCVS
Fix is in CVS. Can you please verify? Thanks!
> Memory corruption when the encoding of the output of the transform is set to UTF-16
> -----------------------------------------------------------------------------------
>
> Key: XALANC-438
> URL: http://nagoya.apache.org/jira/browse/XALANC-438
> Project: XalanC
> Type: Bug
> Components: XalanC
> Versions: 1.6, 1.8
> Environment: Windows
> Reporter: Bob Bisso
> Fix For: CurrentCVS
> Attachments: foo.xsl
>
> Memory corruption occurs when a large buffer, greater than 512 bytes
> Memory corruption occurs when the encoding of the output of a transform is set to UTF-16 (either programmatically or by inserting "<xsl:output encoding='UTF-16' />" in the style sheet). The function FormatterToXML_UTF16::write() in the file FormatterToXML_UTF16.cpp (in "src\xalanc\XMLSupport" folder) is used in serializing the transformed output in UTF-16 encoding. It uses a buffer of 512 characters long to store the output before writing it to the output device. At the top of the function, it attempts to check if the length of the data (in double byte characters) it is asked to write to the output device is bigger than the size of the buffer (in bytes). So the code to handle this is not executed due to this problem, and the code merrily goes along to write the data into the buffer, hence corrupting memory. There is a second problem, and that is in the code that actually handles the case where the length of the data exceeded the buffer size, it flushes the buffer, and then use the wrong overloaded write() function to write the data to the output device.
> Proposed fix, for FormatterToXML_UTF16::write() in the file FormatterToXML_UTF16.cpp, is as follows:
> inline void
> FormatterToXML_UTF16::write(
> const XalanDOMChar* theChars,
> XalanDOMString::size_type theLength)
> {
> if (theLength > sizeof(m_buffer)/sizeof(XalanDOMChar))
> {
> flushBuffer();
> m_writer->write((const char*)theChars, 0, theLength * sizeof(XalanDOMChar));
> }
> else
> {
> if (m_bufferRemaining < theLength)
> {
> flushBuffer();
> }
> for(XalanDOMString::size_type i = 0; i < theLength; ++i)
> {
> *m_bufferPosition = theChars[i];
> ++m_bufferPosition;
> }
> m_bufferRemaining -= theLength;
> }
> }
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://nagoya.apache.org/jira/secure/Administrators.jspa
-
If you want more information on JIRA, or have a bug to report see:
http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: xalan-dev-unsubscribe@xml.apache.org
For additional commands, e-mail: xalan-dev-help@xml.apache.org
[jira] Updated: (XALANC-438) Memory corruption when the encoding of the output of the transform is set to UTF-16
Posted by "Bob Bisso (JIRA)" <xa...@xml.apache.org>.
[ http://nagoya.apache.org/jira/browse/XALANC-438?page=history ]
Bob Bisso updated XALANC-438:
-----------------------------
Attachment: foo.xsl
To reproduce this issue replace the foo.xsl file in the Samples\SimpleTransform directory with this one and execute the SimpleTransform.exe.
> Memory corruption when the encoding of the output of the transform is set to UTF-16
> -----------------------------------------------------------------------------------
>
> Key: XALANC-438
> URL: http://nagoya.apache.org/jira/browse/XALANC-438
> Project: XalanC
> Type: Bug
> Components: XalanC
> Versions: 1.6, 1.8
> Environment: Windows
> Reporter: Bob Bisso
> Attachments: foo.xsl
>
> Memory corruption occurs when a large buffer, greater than 512 bytes
> Memory corruption occurs when the encoding of the output of a transform is set to UTF-16 (either programmatically or by inserting "<xsl:output encoding='UTF-16' />" in the style sheet). The function FormatterToXML_UTF16::write() in the file FormatterToXML_UTF16.cpp (in "src\xalanc\XMLSupport" folder) is used in serializing the transformed output in UTF-16 encoding. It uses a buffer of 512 characters long to store the output before writing it to the output device. At the top of the function, it attempts to check if the length of the data (in double byte characters) it is asked to write to the output device is bigger than the size of the buffer (in bytes). So the code to handle this is not executed due to this problem, and the code merrily goes along to write the data into the buffer, hence corrupting memory. There is a second problem, and that is in the code that actually handles the case where the length of the data exceeded the buffer size, it flushes the buffer, and then use the wrong overloaded write() function to write the data to the output device.
> Proposed fix, for FormatterToXML_UTF16::write() in the file FormatterToXML_UTF16.cpp, is as follows:
> inline void
> FormatterToXML_UTF16::write(
> const XalanDOMChar* theChars,
> XalanDOMString::size_type theLength)
> {
> if (theLength > sizeof(m_buffer)/sizeof(XalanDOMChar))
> {
> flushBuffer();
> m_writer->write((const char*)theChars, 0, theLength * sizeof(XalanDOMChar));
> }
> else
> {
> if (m_bufferRemaining < theLength)
> {
> flushBuffer();
> }
> for(XalanDOMString::size_type i = 0; i < theLength; ++i)
> {
> *m_bufferPosition = theChars[i];
> ++m_bufferPosition;
> }
> m_bufferRemaining -= theLength;
> }
> }
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://nagoya.apache.org/jira/secure/Administrators.jspa
-
If you want more information on JIRA, or have a bug to report see:
http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: xalan-dev-unsubscribe@xml.apache.org
For additional commands, e-mail: xalan-dev-help@xml.apache.org