Problem in prefix parsing while creating Document, Element, Attributes on all 
platforms : Issue is in poolString creation
-------------------------------------------------------------------------------------------------------------------------

                 Key: XERCESC-1940
                 URL: https://issues.apache.org/jira/browse/XERCESC-1940
             Project: Xerces-C++
          Issue Type: Bug
          Components: DOM
    Affects Versions: 3.0.1, 3.1.1
         Environment: ALL Platform, ALL OS
            Reporter: Anil G Pandge
            Priority: Critical


Description:
============

When I create a DOM document using Xerces APIs, for very specific input it is 
creating the wrong payload. This is observable on 64-bit but on 32-bit. For testing 
I have written a sample with a createDocument API which creates a DOM document and 
prints it in string format.

I ran the test on the following inputs:

    createDocument("types:statusSet","http://xyz.com");

The createDocument function just creates a DOM document and prints payloads. Following 
are the outputs of the above string on a 32-bit machine.

32 bit platforms output:

prefix = types:statusSet
LocalName = statusSet

doc = <types:statusSet xmlns:types:statusSet="http://xyz.com"/>


===================
Severity : Critical
===================

Platforms: ALL
==============

Cause and resolution
====================

I debugged the Xerces code; the issue is in 
 File : "DOMDocumentImpl.hpp"
 Function : "DOMDocumentImpl::getPooledNString(const XMLCh *in, XMLSize_t n)"

Patch:
======

--- DOMDocumentImpl.hpp    2008-07-24 15:58:29.000000000 +0530
+++ 
/data/eclipse_workspace/CppIT-3.1.0/XercesTEst/src/xercesc/dom/impl/DOMDocumentImpl.hpp
    2010-08-22 10:36:18.000000000 +0530
@@ -401,9 +401,11 @@
   pspe = &fNameTable[inHash];
   while (*pspe != 0)
   {
-    if (XMLString::equalsN((*pspe)->fString, in, n))
-      return (*pspe)->fString;
-    pspe = &((*pspe)->fNext);
+      XMLCh firstN[n];
+      XMLString::copyNString(firstN,in,n);
+      if (XMLString::equals((*pspe)->fString, firstN))
+          return (*pspe)->fString;
+      pspe = &((*pspe)->fNext);
   }
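
Review bot: the added "XMLCh firstN[n];" inside the loop is a variable-length array, which is not standard C++, and its size comes straight from the caller-supplied n with no bound, so stack use grows with the input. It also leaves no slot for a terminator: if "XMLString::copyNString(firstN,in,n);" writes a terminating null after n characters, it stores one XMLCh past the end of the buffer. The copy is repeated for every entry in the chain as well. Suggest dropping the temporary and keeping the in-place comparison, adding a check that the pooled entry ends at position n, for example "if (XMLString::equalsN((*pspe)->fString, in, n) && (*pspe)->fString[n] == 0)" (valid when in holds at least n characters), or comparing a stored entry length with n. The added lines are also indented differently from the surrounding context.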

Issue:
======
        1. getPooledNString computes the hash of the prefix and searches in fNameTable.
        2. Once the hash is found, the code checks pooledString and 'n' characters of 
qualifiedString. !!!!! WRONG !!!!!
        3. If the comparison is true, it returns the pooled string.

        Ex:
                In case of "types:statusSet", it will compare "types:statusSet" 
and first 6 characters of "types:", it found the comparison true. It returns pooled 
string "types:statusSet" as prefix !!!!! WRONG !!!!!

How to reproduce:
=================
        Very easy to reproduce. Run the sample program I have attached.
        
Resolution:
===========
        I have attached a patch file with the resolution.



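The lookup flaw described under "Issue", shown as an added example that is not Xerces-C++ code and not part of the original report. It is a simplified string pool in which the additive hash, the 47-bucket table and the names Pool, intern and pooledPrefix are assumptions, constructed so that "types" and "types:statusSet" fall into the same bucket.

```cpp
#include <cstddef>
#include <cstdio>
#include <cstring>
#include <string>
#include <vector>

// Simplified model of a hashed string pool; not Xerces-C++ code.
// Constructed: with an additive hash and 47 buckets, "types" and
// "types:statusSet" land in the same bucket, as the report's input does.
static const std::size_t BUCKETS = 47;

static std::size_t hashN(const char* s, std::size_t n) {
    std::size_t h = 0;
    for (std::size_t i = 0; i < n; ++i) h += static_cast<unsigned char>(s[i]);
    return h % BUCKETS;
}

struct Pool {
    std::vector<std::string> buckets[BUCKETS];

    // lengthAware == false: any entry whose first n characters match is a hit.
    // lengthAware == true: the entry must also be exactly n characters long.
    std::string intern(const char* in, std::size_t n, bool lengthAware) {
        std::vector<std::string>& b = buckets[hashN(in, n)];
        for (const std::string& e : b) {
            bool sameStart = std::strncmp(e.c_str(), in, n) == 0;
            if (sameStart && (!lengthAware || e.size() == n)) return e;
        }
        b.emplace_back(in, n);  // not pooled yet: store exactly n characters
        return b.back();
    }
};

// Pools the qualified name, then looks up its prefix (the text before ':').
std::string pooledPrefix(const char* qname, bool lengthAware) {
    const char* colon = std::strchr(qname, ':');
    if (colon == nullptr) return std::string();
    Pool pool;
    pool.intern(qname, std::strlen(qname), true);
    return pool.intern(qname, static_cast<std::size_t>(colon - qname), lengthAware);
}

int main() {
    std::printf("prefix-only compare:  %s\n", pooledPrefix("types:statusSet", false).c_str());
    std::printf("length-aware compare: %s\n", pooledPrefix("types:statusSet", true).c_str());
    return 0;
}
```

The wrong prefix only appears when the qualified name and its prefix hash to the same bucket, which is why the report sees it for very specific input.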