Hello,
In order to determine which form was written in each of the following three cases (an empty identifier versus an absent one):
1)
<!ENTITY name PUBLIC "" "..." NDATA notation>
or
<!ENTITY name SYSTEM "..." NDATA notation>
2)
<!NOTATION name PUBLIC "..." "">
or
<!NOTATION name PUBLIC "...">
and 3)
<!DOCTYPE gi PUBLIC "" "...">
or
<!DOCTYPE gi SYSTEM "...">
you will need the patch below, to be applied on Xerces-C 3.1.1.
Hope this helps,
Denis Excoffier
On Mon, Sep 11, 2006 at 12:43:33AM -0700, Alberto Massari (JIRA) wrote:
>> [ http://issues.apache.org/jira/browse/XERCESC-1536?page=all ]
>>
>> Alberto Massari resolved XERCESC-1536.
>> --------------------------------------
>>
>> Resolution: Fixed
>>
>> A fix is in SVN; please verify
>>
>> Alberto
>>
>> > Empty systemID crashes Xerxes Parser
>> > ------------------------------------
>> >
>> > Key: XERCESC-1536
>> > URL: http://issues.apache.org/jira/browse/XERCESC-1536
>> > Project: Xerces-C++
>> > Issue Type: Bug
>> > Components: Validating Parser (DTD)
>> > Affects Versions: 2.7.0
>> > Environment: Windows 32 bit (WinXP Prof), using VC 6.0
>> > Reporter: Arthur Rother
>> >
>> > Using the following declaration crashes Xerces:
>> > <!ENTITY % ISOlat1 PUBLIC "ISO 8879-1986//ENTITIES Added Latin 1//EN" "">
>> > ** Note the empty systemID declaration.**
>> > Background:
>> > Added a OASIS Catalog Resolving Mechanism to our integration of Xerces
>> > Parser, callback handler EntityHandler::resolveEntity is supposed to
>> > resolve the public ID.
>> > Unfortunately, line
>> > internal/ReaderMgr.cpp:470
>> > handles the string without checking if the pointer const XMLCh* const
>> > sysId is NULL. And maybe the sysID pointer shouldn't have been NULL, but
>> > the empty string.
>> > Best Regards,
>> > Arthur
>>
diff -uNr xerces-c-3.1.1o/src/xercesc/framework/XMLBuffer.hpp
xerces-c-3.1.1p/src/xercesc/framework/XMLBuffer.hpp
--- xerces-c-3.1.1o/src/xercesc/framework/XMLBuffer.hpp 2010-04-11
15:04:35.000000000 +0159
+++ xerces-c-3.1.1p/src/xercesc/framework/XMLBuffer.hpp 2012-08-06
12:28:09.031250000 +0159
@@ -57,6 +57,7 @@
, fCapacity(capacity)
, fFullSize(0)
, fUsed(false)
+ , fTouched(false)
, fMemoryManager(manager)
, fFullHandler(0)
, fBuffer(0)
@@ -194,6 +195,11 @@
return (fIndex == 0);
}
+ bool getTouched() const
+ {
+ return fTouched;
+ }
+
// -----------------------------------------------------------------------
// Setters
// -----------------------------------------------------------------------
@@ -202,6 +208,11 @@
fUsed = newValue;
}
+ void setTouched(const bool newValue)
+ {
+ fTouched = newValue;
+ }
+
private :
// -----------------------------------------------------------------------
// Unimplemented constructors and operators
@@ -248,6 +259,7 @@
XMLSize_t fCapacity;
XMLSize_t fFullSize;
bool fUsed;
+ bool fTouched;
MemoryManager* const fMemoryManager;
XMLBufferFullHandler* fFullHandler;
XMLCh* fBuffer;
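Review bot: The new `fTouched` member is declared without a comment, and next to `fUsed` its meaning is not obvious from the name. From the rest of the patch it appears to record that a public or system literal was scanned into the buffer, so that an empty literal can be told apart from an absent one; I would add something like `// fTouched: true once a literal has been scanned into this buffer, even an empty one` above the declaration. None of the XMLBuffer.hpp hunks clears the flag after construction, so the comment should also say who is responsible for resetting it. The class body continues outside the hunk.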
diff -uNr xerces-c-3.1.1o/src/xercesc/internal/DGXMLScanner.cpp
xerces-c-3.1.1p/src/xercesc/internal/DGXMLScanner.cpp
--- xerces-c-3.1.1o/src/xercesc/internal/DGXMLScanner.cpp 2009-11-05
14:21:03.000000000 +0059
+++ xerces-c-3.1.1p/src/xercesc/internal/DGXMLScanner.cpp 2012-08-06
11:40:00.703125000 +0159
@@ -855,6 +855,8 @@
bool hasExtSubset = false;
XMLCh* sysId = 0;
XMLCh* pubId = 0;
+ bool sysTouched = false;
+ bool pubTouched = false;
DTDScanner dtdScanner
(
@@ -881,8 +883,8 @@
fHasNoDTD = false;
// Get buffers for the ids
- XMLBufBid bbPubId(&fBufMgr);
- XMLBufBid bbSysId(&fBufMgr);
+ XMLBufBid bbPubId(&fBufMgr); bbPubId.getBuffer().setTouched(false);
+ XMLBufBid bbSysId(&fBufMgr); bbSysId.getBuffer().setTouched(false);
// Get the external subset id
if (!dtdScanner.scanId(bbPubId.getBuffer(), bbSysId.getBuffer(),
DTDScanner::IDType_External))
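Review bot: `bbPubId.getBuffer().setTouched(false);` is appended on the same line as each `XMLBufBid` declaration, and every call site has to remember to do it: here, in the matching IGXMLScanner.cpp hunk at 1361, and in the DTDScanner.cpp hunks at 2291 and 3467. Presumably the buffers handed out by the manager are reused, so a site that forgets the reset would read a stale flag and report an identifier as present when it was not. Clearing the flag in one place, for example `fTouched = false;` inside `XMLBuffer::reset()` (outside this patch, so to be confirmed against how `scanId` uses the buffers), would remove that dependency on the callers. At minimum each reset should go on its own line.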
@@ -894,6 +896,8 @@
// Get copies of the ids we got
pubId = XMLString::replicate(bbPubId.getRawBuffer(), fMemoryManager);
sysId = XMLString::replicate(bbSysId.getRawBuffer(), fMemoryManager);
+ pubTouched = bbPubId.getBuffer().getTouched();
+ sysTouched = bbSysId.getBuffer().getTouched();
// Skip spaces and check again for the opening of an internal subset
fReaderMgr.skipPastSpaces();
@@ -911,7 +915,7 @@
// If we have a doc type handler and advanced callbacks are enabled,
// call the doctype event.
if (fDocTypeHandler)
- fDocTypeHandler->doctypeDecl(*rootDecl, pubId, sysId, hasIntSubset,
hasExtSubset);
+ fDocTypeHandler->doctypeDecl(*rootDecl, pubTouched ? pubId : 0,
sysTouched ? sysId : 0, hasIntSubset, hasExtSubset);
// Ok, if we had an internal subset, we are just past the [ character
// and need to parse that first.
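Review bot: The `doctypeDecl` call can now pass 0 for one identifier while the other is a real string, for example a null `pubId` with a non-null `sysId` for a `SYSTEM`-only declaration; the IGXMLScanner.cpp hunk at 1391 makes the same change. In the visible lines both pointers were previously filled together by `XMLString::replicate`, so a handler may test only one of them before reading the other, and one that dereferences the null pointer would crash on an untrusted document in the same way as the quoted XERCESC-1536 report. I would record the contract at the call site, `// pubId / sysId are 0 when the declaration carried no such literal; handlers must check each one`, and review the handler implementations, which are not shown here. The enclosing function starts and ends outside the hunk.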
diff -uNr xerces-c-3.1.1o/src/xercesc/internal/IGXMLScanner.cpp
xerces-c-3.1.1p/src/xercesc/internal/IGXMLScanner.cpp
--- xerces-c-3.1.1o/src/xercesc/internal/IGXMLScanner.cpp 2009-11-20
14:43:50.000000000 +0059
+++ xerces-c-3.1.1p/src/xercesc/internal/IGXMLScanner.cpp 2012-08-06
11:36:58.156250000 +0159
@@ -1335,6 +1335,8 @@
bool hasExtSubset = false;
XMLCh* sysId = 0;
XMLCh* pubId = 0;
+ bool sysTouched = false;
+ bool pubTouched = false;
DTDScanner dtdScanner
(
@@ -1361,8 +1363,8 @@
fHasNoDTD = false;
// Get buffers for the ids
- XMLBufBid bbPubId(&fBufMgr);
- XMLBufBid bbSysId(&fBufMgr);
+ XMLBufBid bbPubId(&fBufMgr); bbPubId.getBuffer().setTouched(false);
+ XMLBufBid bbSysId(&fBufMgr); bbSysId.getBuffer().setTouched(false);
// Get the external subset id
if (!dtdScanner.scanId(bbPubId.getBuffer(), bbSysId.getBuffer(),
DTDScanner::IDType_External))
@@ -1374,6 +1376,8 @@
// Get copies of the ids we got
pubId = XMLString::replicate(bbPubId.getRawBuffer(), fMemoryManager);
sysId = XMLString::replicate(bbSysId.getRawBuffer(), fMemoryManager);
+ pubTouched = bbPubId.getBuffer().getTouched();
+ sysTouched = bbSysId.getBuffer().getTouched();
// Skip spaces and check again for the opening of an internal subset
fReaderMgr.skipPastSpaces();
@@ -1391,7 +1395,7 @@
// If we have a doc type handler and advanced callbacks are enabled,
// call the doctype event.
if (fDocTypeHandler)
- fDocTypeHandler->doctypeDecl(*rootDecl, pubId, sysId, hasIntSubset,
hasExtSubset);
+ fDocTypeHandler->doctypeDecl(*rootDecl, pubTouched ? pubId : 0,
sysTouched ? sysId : 0, hasIntSubset, hasExtSubset);
// Ok, if we had an internal subset, we are just past the [ character
// and need to parse that first.
diff -uNr xerces-c-3.1.1o/src/xercesc/validators/DTD/DTDScanner.cpp
xerces-c-3.1.1p/src/xercesc/validators/DTD/DTDScanner.cpp
--- xerces-c-3.1.1o/src/xercesc/validators/DTD/DTDScanner.cpp 2009-11-05
14:21:03.000000000 +0059
+++ xerces-c-3.1.1p/src/xercesc/validators/DTD/DTDScanner.cpp 2012-08-06
11:32:42.312500000 +0159
@@ -2291,8 +2291,8 @@
// Its got to be an external entity, so there must be an external id.
// Get buffers for them and scan an external id into them.
//
- XMLBufBid bbPubId(fBufMgr);
- XMLBufBid bbSysId(fBufMgr);
+ XMLBufBid bbPubId(fBufMgr); bbPubId.getBuffer().setTouched(false);
+ XMLBufBid bbSysId(fBufMgr); bbSysId.getBuffer().setTouched(false);
if (!scanId(bbPubId.getBuffer(), bbSysId.getBuffer(), IDType_External))
return false;
@@ -2301,10 +2301,10 @@
fReaderMgr->getLastExtEntityInfo(lastInfo);
// Fill in the id fields of the decl with the info we got
- const XMLCh* publicId = bbPubId.getRawBuffer();
- const XMLCh* systemId = bbSysId.getRawBuffer();
- decl.setPublicId((publicId && *publicId) ? publicId : 0);
- decl.setSystemId((systemId && *systemId) ? systemId : 0);
+ const XMLCh* publicId = bbPubId.getRawBuffer(); if
(!bbPubId.getBuffer().getTouched()) { publicId = 0; };
+ const XMLCh* systemId = bbSysId.getRawBuffer(); if
(!bbSysId.getBuffer().getTouched()) { systemId = 0; };
+ decl.setPublicId(publicId);
+ decl.setSystemId(systemId);
decl.setBaseURI((lastInfo.systemId && *lastInfo.systemId) ?
lastInfo.systemId : 0);
// If its a PE decl, we are done
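Review bot: `decl.setPublicId(publicId)` and `decl.setSystemId(systemId)` now store an empty string where the removed lines stored 0, so a declaration like the `PUBLIC "..." ""` one quoted from the report yields an entity whose system id is `""`. Code that treats a non-null system id as something it can resolve or open will now be handed an empty string. Whether the entity-resolution path copes with that is not visible in this patch, so it should be covered by a regression test using the declaration from XERCESC-1536. The notation hunk at 3492 makes the same change for `XMLNotationDecl`. A comment such as `// ids are 0 only when absent; an empty literal is kept as ""` would record the new contract.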
@@ -3467,8 +3467,8 @@
// And scan an external or public id. We need buffers to use for both
// of these.
//
- XMLBufBid bbPubId(fBufMgr);
- XMLBufBid bbSysId(fBufMgr);
+ XMLBufBid bbPubId(fBufMgr); bbPubId.getBuffer().setTouched(false);
+ XMLBufBid bbSysId(fBufMgr); bbSysId.getBuffer().setTouched(false);
if (!scanId(bbPubId.getBuffer(), bbSysId.getBuffer(), IDType_Either))
{
fReaderMgr->skipPastChar(chCloseAngle);
@@ -3492,16 +3492,16 @@
else
{
// Fill in a new notation declaration and add it to the pool
- const XMLCh* publicId = bbPubId.getRawBuffer();
- const XMLCh* systemId = bbSysId.getRawBuffer();
+ const XMLCh* publicId = bbPubId.getRawBuffer(); if
(!bbPubId.getBuffer().getTouched()) { publicId = 0; };
+ const XMLCh* systemId = bbSysId.getRawBuffer(); if
(!bbSysId.getBuffer().getTouched()) { systemId = 0; };
ReaderMgr::LastExtEntityInfo lastInfo;
fReaderMgr->getLastExtEntityInfo(lastInfo);
decl = new (fGrammarPoolMemoryManager) XMLNotationDecl
(
bbName.getRawBuffer()
- , (publicId && *publicId) ? publicId : 0
- , (systemId && *systemId) ? systemId : 0
+ , publicId
+ , systemId
, (lastInfo.systemId && *lastInfo.systemId) ? lastInfo.systemId : 0
, fGrammarPoolMemoryManager
);
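Review bot: The `if` placed on the same line as each declaration, with a stray `;` after its closing brace, is hard to read and has already been split by the mail wrapping; the entity hunk at 2301 has the same shape. A conditional expression says the same thing in one statement: `const XMLCh* publicId = bbPubId.getBuffer().getTouched() ? bbPubId.getRawBuffer() : 0;`, and likewise for `systemId`.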
@@ -3691,6 +3691,7 @@
bool DTDScanner::scanPublicLiteral(XMLBuffer& toFill)
{
toFill.reset();
+ toFill.setTouched(true);
// Get the next char which must be a single or double quote
XMLCh quoteCh;
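Review bot: `toFill.setTouched(true);` runs before the opening quote is checked, so the flag is set even when `scanPublicLiteral` goes on to report failure; the `scanSystemLiteral` hunk below does the same. The flag then means "a scan was attempted" rather than "a literal was read", which is only safe while every caller discards the buffers on failure. Moving the call to the success path, just before the function returns true, would make the flag match what the callers use it for. The function body continues outside the hunk, so the exact spot has to be confirmed there.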
@@ -3742,6 +3743,7 @@
bool DTDScanner::scanSystemLiteral(XMLBuffer& toFill)
{
toFill.reset();
+ toFill.setTouched(true);
// Get the next char which must be a single or double quote
XMLCh quoteCh;