[ https://issues.apache.org/jira/browse/XERCESC-2066?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Scott Cantor resolved XERCESC-2066. ----------------------------------- Resolution: Fixed Applied to trunk, r1799527. > Exception handling mistake in DTDScanner > ---------------------------------------- > > Key: XERCESC-2066 > URL: https://issues.apache.org/jira/browse/XERCESC-2066 > Project: Xerces-C++ > Issue Type: Bug > Components: Validating Parser (DTD) > Affects Versions: 3.1.0, 3.1.1, 3.1.2, 3.1.3 > Reporter: Scott Cantor > Assignee: Scott Cantor > Fix For: 3.2.0, 3.1.4 > > > Index: src/xercesc/validators/DTD/DTDScanner.cpp > ==========================================================The DTDScanner > fails to account for the fact that peeking characters in the XMLReader class > can raise an exception if an invalid character is encountered, and the > exception crosses stack frames in an unsafe way that causes a higher level > exception handler to access an already-freed object. > The proposed patch below traps the exception locally and records the parser > error in the appropriate frame. > We should also review the code for other calls to the XMLReader methods that > can throw. > {code} > --- src/xercesc/validators/DTD/DTDScanner.cpp (revision 1741478) > +++ src/xercesc/validators/DTD/DTDScanner.cpp (working copy) > @@ -2509,7 +2509,15 @@ > { > while (true) > { > - const XMLCh nextCh = fReaderMgr->peekNextChar(); > + XMLCh nextCh; > + > + try { > + nextCh = fReaderMgr->peekNextChar(); > + } > + catch (XMLException& ex) { > + fScanner->emitError(XMLErrs::XMLException_Fatal, > ex.getCode(), ex.getMessage(), NULL, NULL); > + nextCh = chNull; > + } > > if (!nextCh) > { > {code} -- This message was sent by Atlassian JIRA (v6.4.14#64029) --------------------------------------------------------------------- To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org For additional commands, e-mail: c-dev-h...@xerces.apache.org