[ 
https://issues.apache.org/jira/browse/XERCESC-2066?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Scott Cantor resolved XERCESC-2066.
-----------------------------------
    Resolution: Fixed

Applied to trunk, r1799527.

> Exception handling mistake in DTDScanner
> ----------------------------------------
>
>                 Key: XERCESC-2066
>                 URL: https://issues.apache.org/jira/browse/XERCESC-2066
>             Project: Xerces-C++
>          Issue Type: Bug
>          Components: Validating Parser (DTD)
>    Affects Versions: 3.1.0, 3.1.1, 3.1.2, 3.1.3
>            Reporter: Scott Cantor
>            Assignee: Scott Cantor
>             Fix For: 3.2.0, 3.1.4
>
>
> Index: src/xercesc/validators/DTD/DTDScanner.cpp
> ==========================================================
> The DTDScanner 
> fails to account for the fact that peeking characters in the XMLReader class 
> can raise an exception if an invalid character is encountered, and the 
> exception crosses stack frames in an unsafe way that causes a higher level 
> exception handler to access an already-freed object.
> The proposed patch below traps the exception locally and records the parser 
> error in the appropriate frame.
> We should also review the code for other calls to the XMLReader methods that 
> can throw.
> {code}
> --- src/xercesc/validators/DTD/DTDScanner.cpp (revision 1741478)
> +++ src/xercesc/validators/DTD/DTDScanner.cpp (working copy)
> @@ -2509,7 +2509,15 @@
>          {
>              while (true)
>              {
> -                const XMLCh nextCh = fReaderMgr->peekNextChar();
> +                XMLCh nextCh;
> +                
> +                try {
> +                    nextCh = fReaderMgr->peekNextChar();
> +                }
> +                catch (XMLException& ex) {
> +                    fScanner->emitError(XMLErrs::XMLException_Fatal, 
> ex.getCode(), ex.getMessage(), NULL, NULL);
> +                    nextCh = chNull;
> +                }
>  
>                  if (!nextCh)
>                  {
> {code}
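
Review bot: In the new catch block, `nextCh = chNull` sends an invalid-character exception into the existing `if (!nextCh)` branch, so after `emitError` the failure is handled exactly like a null returned by `peekNextChar()`. If that is intended, a one-line comment in the catch block should say so; if it is not, a separate flag would keep the two cases distinct. The handler only reads the code and message, so it could take `const XMLException& ex`. Only this one `peekNextChar()` call is guarded; the other throwing XMLReader calls that the description asks to review are not covered by this hunk.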



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)