[jira] [Assigned] (XERCESC-2126) Type Confusion from DTDGrammar to SchemaGrammar

Mon, 30 Dec 2019 09:05:30 -0800 


     [ 
https://issues.apache.org/jira/browse/XERCESC-2126?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Scott Cantor reassigned XERCESC-2126:
-------------------------------------

    Assignee: Scott Cantor

> Type Confusion from DTDGrammar to SchemaGrammar
> -----------------------------------------------
>
>                 Key: XERCESC-2126
>                 URL: https://issues.apache.org/jira/browse/XERCESC-2126
>             Project: Xerces-C++
>          Issue Type: Bug
>          Components: DOM
>    Affects Versions: 3.0.0, 3.0.1, 3.0.2, 3.1.0, 3.1.1, 3.1.2, 3.2.0, 3.1.3, 
> 3.1.4, 3.2.1, 3.2.2
>         Environment: Ubuntu 16.04 LTS, Intel(R) Core(TM) i7-6700 CPU @ 
> 3.40GHz, 16GB
>            Reporter: Yuseok Jeon
>            Assignee: Scott Cantor
>            Priority: Major
>             Fix For: 3.2.3
>
>         Attachments: Xerces-C++ Type confusion Report.pdf
>
>
> Hi all,
> Our type confusion detection tool reports a type_confusion error in the 
> "xercesc/validators/schema/SchemaValidator.cpp"
> xercesc/validators/schema/SchemaValidator.cpp line 772 
> 756 void SchemaValidator::preContentValidation(bool, bool validateDefAttr)
> 758 {
> 769    RefHashTableOfEnumerator<Grammar> grammarEnum = 
> fGrammarResolver->getGrammarEnumerator();
> 770    while (grammarEnum.hasMoreElements())
> 771    {
> {color:red}772        SchemaGrammar& sGrammar = (SchemaGrammar&) 
> grammarEnum.nextElement();{color}
> 773        if (sGrammar.getGrammarType() != Grammar::SchemaGrammarType || 
> sGrammar.getValidated())
> 774             continue;
>                  ……………
>           }
> In the line 772, grammarEnum.nextElement() indicates object allocated as 
> DTDGrammar, and it is casted into SchemaGrammar. However, since SchemaGrammar 
> is not a subobject of DTDGrammar, it is violating C++ standard rules 5.2.9/11 
> (down casting is undefined if the object that the pointer to be casted points 
> to is not a suboject of down casting type) and causes undefined behaviors.
> There are similar type-confusion cases as below links.
> - (Xerces-c++) https://issues.apache.org/jira/browse/XERCESC-2088
> - (libstdc++) https://gcc.gnu.org/bugzilla/show_bug.cgi?id=60734
> - (Firefox) https://bugzilla.mozilla.org/show_bug.cgi?id=1074280
> I attached detail type confusion information.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org

Reply via email to