cvs commit: xml-xerces/c/src/xercesc/validators/datatype ListDatatypeValidator.cpp

[neilg]

neilg       2003/12/17 12:41:47

  Modified:    c/src/xercesc/validators/datatype ListDatatypeValidator.cpp
  Log:
  fix a segfault and a possible buffer overflow condition
  
  Revision  Changes    Path
  1.16      +18 -3     
xml-xerces/c/src/xercesc/validators/datatype/ListDatatypeValidator.cpp
  
  Index: ListDatatypeValidator.cpp
  ===================================================================
  RCS file: 
/home/cvs/xml-xerces/c/src/xercesc/validators/datatype/ListDatatypeValidator.cpp,v
  retrieving revision 1.15
  retrieving revision 1.16
  diff -u -r1.15 -r1.16
  --- ListDatatypeValidator.cpp 17 Dec 2003 00:18:39 -0000      1.15
  +++ ListDatatypeValidator.cpp 17 Dec 2003 20:41:47 -0000      1.16
  @@ -57,6 +57,9 @@
   /*
    * $Id$
    * $Log$
  + * Revision 1.16  2003/12/17 20:41:47  neilg
  + * fix a segfault and a possible buffer overflow condition
  + *
    * Revision 1.15  2003/12/17 00:18:39  cargilld
    * Update to memory management so that the static memory manager (one used to call 
Initialize) is only for static data.
    *
  @@ -512,14 +515,26 @@
       unsigned int  retBufSize = 2 * XMLString::stringLen(rawData);
   
       XMLCh* retBuf = (XMLCh*) toUse->allocate(retBufSize * sizeof(XMLCh));
  +    retBuf[0] = 0;
       XMLCh* retBufPtr = retBuf;
   
       DatatypeValidator* itemDv = this->getItemTypeDTV();
       for (unsigned int i = 0; i < tokenVector->size(); i++)
       {
           XMLCh* itemCanRep = (XMLCh*) 
itemDv->getCanonicalRepresentation(tokenVector->elementAt(i), toUse);
  +        unsigned int itemLen = XMLString::stringLen(itemCanRep); 
  +        if(retBufPtr+itemLen+2 >= retBuf+retBufSize)
  +        {
  +            // need to resize
  +            XMLCh * oldBuf = retBuf;
  +            retBuf = (XMLCh*) toUse->allocate(retBufSize * sizeof(XMLCh) * 2);
  +            memcpy(retBuf, oldBuf, retBufSize * sizeof(XMLCh ));
  +            retBufPtr = (retBufPtr - oldBuf) + retBuf;
  +            toUse->deallocate(oldBuf);
  +            retBufSize <<= 1;
  +        }
           XMLString::catString(retBufPtr, itemCanRep);
  -        retBufPtr = retBufPtr + XMLString::stringLen(itemCanRep) + 1;
  +        retBufPtr = retBufPtr + itemLen + 1;
           *(retBufPtr++) = chSpace;
           *(retBufPtr) = chNull;
           toUse->deallocate(itemCanRep);
  
  
  

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]