Yuseok Jeon created XERCESC-2088:
------------------------------------

             Summary: Bad casting from DOMTextImpl to DOMElementImpl
                 Key: XERCESC-2088
                 URL: https://issues.apache.org/jira/browse/XERCESC-2088
             Project: Xerces-C++
          Issue Type: Bug
          Components: DOM
    Affects Versions: 3.1.4, 3.1.3, 3.1.2, 3.1.1
         Environment: ubuntu 16.04 LTS, Intel(R) Core(TM) i7-6700 CPU @ 3.40GHz, 16GB
            Reporter: Yuseok Jeon
         Attachments: Actual_result.txt, relationship_tree.jpeg

Hi all,

Our recently developed type confusion detection tool reports a type_confusion error in the "xercesc/dom/imple/DOMCasts.hpp"

xercesc/dom/imple/DOMCasts.hpp, line 146

    static inline DOMNodeImpl *castToNodeImpl(const DOMNode *p)
    {
        DOMElementImpl *pE = (DOMElementImpl *)p;
        return &(pE->fNode);
    }

p is pointing to the object allocated as DOMTextImpl, and it is cast into DOMElementImpl. However, since DOMElementImpl is not a subobject of DOMTextImpl, it is violating C++ standard rules 5.2.9/11--down casting is undefined if the object that the pointer to be cast points to is not a subobject of down casting type-- and causes undefined behaviors.

There are similar type-confusion cases at the links below.
- (libstdc++) https://gcc.gnu.org/bugzilla/show_bug.cgi?id=60734
- (Firefox) https://bugzilla.mozilla.org/show_bug.cgi?id=1074280

I attached an actual type confusion report and object relationship information.
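
The cast described in the report above, shown beside a checked form. This is an added example, not part of the original message and not Xerces-C++ code. The types Node, ElementImpl, TextImpl and NodeImpl and all function names are hypothetical, simplified stand-ins for the classes the report names.

```cpp
#include <cstdio>

// Hypothetical, simplified stand-ins for the classes named in the report.
struct NodeImpl { int flags = 0; };
struct Node { virtual ~Node() = default; };        // role of DOMNode
struct ElementImpl : Node { NodeImpl fNode; };     // role of DOMElementImpl
struct TextImpl : Node { NodeImpl fNode; };        // role of DOMTextImpl (a sibling, not a subclass)

// The reported pattern: an unchecked downcast. Defined only when p really
// points to an ElementImpl; for a TextImpl object it is undefined behaviour.
static inline NodeImpl *castUnchecked(const Node *p) {
    ElementImpl *pE = (ElementImpl *)p;
    return &(pE->fNode);
}

// Checked variant: dynamic_cast consults the object's dynamic type, so each
// concrete class is reached through its own type and a mismatch yields nullptr.
static inline NodeImpl *castChecked(const Node *p) {
    Node *q = const_cast<Node *>(p);
    if (ElementImpl *e = dynamic_cast<ElementImpl *>(q)) return &e->fNode;
    if (TextImpl *t = dynamic_cast<TextImpl *>(q)) return &t->fNode;
    return nullptr;  // unknown node class: fail closed
}

// The runtime question that flags the reported cast: is *p an ElementImpl?
static inline bool isElement(const Node *p) {
    return dynamic_cast<const ElementImpl *>(p) != nullptr;
}

// Self-checks on constructed objects. castUnchecked is only ever called
// with a real ElementImpl here, which is the one case where it is defined.
bool elementPathsAgree() {
    ElementImpl e;
    return isElement(&e) && castUnchecked(&e) == &e.fNode && castChecked(&e) == &e.fNode;
}
bool textIsNotElement() {
    TextImpl t;
    return !isElement(&t) && castChecked(&t) == &t.fNode;
}

int main() {
    std::printf("element: %d text: %d\n", elementPathsAgree(), textIsNotElement());
    return 0;
}
```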