[
https://issues.apache.org/jira/browse/XERCESC-2066?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Scott Cantor updated XERCESC-2066:
----------------------------------
Description:
Index: src/xercesc/validators/DTD/DTDScanner.cpp
==========================================================The DTDScanner fails
to account for the fact that peeking characters in the XMLReader class can
raise an exception if an invalid character is encountered, and the exception
crosses stack frames in an unsafe way that causes a higher level exception
handler to access an already-freed object.
The proposed patch below traps the exception locally and records the parser
error in the appropriate frame.
We should also review the code for other calls to the XMLReader methods that
can throw.
{code}
--- src/xercesc/validators/DTD/DTDScanner.cpp (revision 1741478)
+++ src/xercesc/validators/DTD/DTDScanner.cpp (working copy)
@@ -2509,7 +2509,15 @@
{
while (true)
{
- const XMLCh nextCh = fReaderMgr->peekNextChar();
+ XMLCh nextCh;
+
+ try {
+ nextCh = fReaderMgr->peekNextChar();
+ }
+ catch (XMLException& ex) {
+ fScanner->emitError(XMLErrs::XMLException_Fatal,
ex.getCode(), ex.getMessage(), NULL, NULL);
+ nextCh = chNull;
+ }
if (!nextCh)
{
{code}
was:
Index: src/xercesc/validators/DTD/DTDScanner.cpp
==========================================================The DTDScanner fails
to account for the fact that peeking characters in the XMLReader class can
raise an exception if an invalid character is encountered, and the exception
crosses stack frames in an unsafe way that causes a higher level exception
handler to access an already-freed object.
The proposed patch below traps the exception locally and records the parser
error in the appropriate frame.
We should also review the code for other calls to the XMLReader methods that
can throw.
--- src/xercesc/validators/DTD/DTDScanner.cpp (revision 1741478)
+++ src/xercesc/validators/DTD/DTDScanner.cpp (working copy)
@@ -2509,7 +2509,15 @@
{
while (true)
{
- const XMLCh nextCh = fReaderMgr->peekNextChar();
+ XMLCh nextCh;
+
+ try {
+ nextCh = fReaderMgr->peekNextChar();
+ }
+ catch (XMLException& ex) {
+ fScanner->emitError(XMLErrs::XMLException_Fatal,
ex.getCode(), ex.getMessage(), NULL, NULL);
+ nextCh = chNull;
+ }
if (!nextCh)
{
> Exception handling mistake in DTDScanner
> ----------------------------------------
>
> Key: XERCESC-2066
> URL: https://issues.apache.org/jira/browse/XERCESC-2066
> Project: Xerces-C++
> Issue Type: Bug
> Components: Validating Parser (DTD)
> Affects Versions: 3.1.0, 3.1.1, 3.1.2, 3.1.3
> Reporter: Scott Cantor
> Assignee: Scott Cantor
>
> Index: src/xercesc/validators/DTD/DTDScanner.cpp
> ==========================================================The DTDScanner
> fails to account for the fact that peeking characters in the XMLReader class
> can raise an exception if an invalid character is encountered, and the
> exception crosses stack frames in an unsafe way that causes a higher level
> exception handler to access an already-freed object.
> The proposed patch below traps the exception locally and records the parser
> error in the appropriate frame.
> We should also review the code for other calls to the XMLReader methods that
> can throw.
> {code}
> --- src/xercesc/validators/DTD/DTDScanner.cpp (revision 1741478)
> +++ src/xercesc/validators/DTD/DTDScanner.cpp (working copy)
> @@ -2509,7 +2509,15 @@
> {
> while (true)
> {
> - const XMLCh nextCh = fReaderMgr->peekNextChar();
> + XMLCh nextCh;
> +
> + try {
> + nextCh = fReaderMgr->peekNextChar();
> + }
> + catch (XMLException& ex) {
> + fScanner->emitError(XMLErrs::XMLException_Fatal,
> ex.getCode(), ex.getMessage(), NULL, NULL);
> + nextCh = chNull;
> + }
>
> if (!nextCh)
> {
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org
