[ https://issues.apache.org/jira/browse/XERCESC-2253?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17881046#comment-17881046 ]
Scott Cantor commented on XERCESC-2253:
---------------------------------------

Original PR/patch at https://github.com/apache/xerces-c/pull/59

Targeted for upcoming minor.

> Undefined behavior on ElemStack and NamespaceScope
> --------------------------------------------------
>
> Key: XERCESC-2253
> URL: https://issues.apache.org/jira/browse/XERCESC-2253
> Project: Xerces-C++
> Issue Type: Bug
> Components: Miscellaneous
> Affects Versions: 3.2.5
> Environment: gcc-12, C++17
> Reporter: Diego Ortín
> Assignee: Scott Cantor
> Priority: Major
> Fix For: 3.3.0
>
>
> When running programs that use xerces-c with the Undefined Behavior Sanitizer
> (ubsan), undefined behavior is detected in {{ElemStack::expandStack}} and
> {{NamespaceScope::expandMap}}. Both instances are due to memcpy being called
> with {{NULL}} as one of its parameters when {{toExpand->fMap}} is {{NULL}},
> which works (the size parameter is 0) but is undefined behavior.
> This is fixed by doing a simple check for null before calling {{memcpy}}. If
> the object we wanted to copy from was null, we do not copy at all and the
> result is the same. This avoids the UBSan being triggered, and potential
> issues with compiler optimizations (as both pointer arguments to {{memcpy}}
> are marked as {{__nonnull}}).
> I can send a simple patch that fixes this.

--
This message was sent by Atlassian Jira
(v8.20.10#820010)
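The pattern the issue describes, as an added illustration that is not the Xerces-C source or the patch in PR 59: a hypothetical growable stack whose buffer starts out NULL, with the original unguarded copy kept beside the null-guarded one. The `ElemStack`/`fMap` names mirror the issue; the struct layout, the growth policy and the `malloc` failure check are assumptions of this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the growable stack in the issue: fMap is
 * NULL until the first push, which is exactly the state in which the
 * original expandStack ended up calling memcpy(dst, NULL, 0). */
typedef struct {
    unsigned int *fMap;   /* NULL until the first allocation */
    size_t fCapacity;     /* slots allocated in fMap */
    size_t fTop;          /* slots in use */
} ElemStack;

/* Original pattern, kept for comparison and not called below: the
 * memcpy source is NULL when nothing has been pushed yet.  The length
 * is 0 so nothing is read, but both memcpy pointers are declared
 * __nonnull, so this is undefined behaviour and UBSan reports it. */
static void expand_unchecked(ElemStack *s) {
    size_t newCap = s->fCapacity ? s->fCapacity * 2 : 4;
    unsigned int *newMap = malloc(newCap * sizeof *newMap);
    memcpy(newMap, s->fMap, s->fTop * sizeof *newMap); /* s->fMap may be NULL */
    free(s->fMap);
    s->fMap = newMap;
    s->fCapacity = newCap;
}

/* Fixed pattern as the issue describes it: only copy when there is a
 * source.  The result is identical, because the length is 0 exactly
 * when fMap is NULL.  The malloc check is extra and not from the issue. */
static int expand_checked(ElemStack *s) {
    size_t newCap = s->fCapacity ? s->fCapacity * 2 : 4;
    unsigned int *newMap = malloc(newCap * sizeof *newMap);
    if (newMap == NULL)
        return 0;
    if (s->fMap != NULL)
        memcpy(newMap, s->fMap, s->fTop * sizeof *newMap);
    free(s->fMap);
    s->fMap = newMap;
    s->fCapacity = newCap;
    return 1;
}

static int stack_push(ElemStack *s, unsigned int id) {
    if (s->fTop == s->fCapacity && !expand_checked(s))
        return 0;
    s->fMap[s->fTop++] = id;
    return 1;
}

/* Grow a fresh (NULL-backed) stack once and report the capacity it got. */
static size_t grow_from_empty(void) {
    ElemStack s = { NULL, 0, 0 };
    size_t cap = expand_checked(&s) ? s.fCapacity : 0;
    free(s.fMap);
    return cap;
}

/* Push the ids 0..n-1 onto a fresh stack, growing it from NULL several
 * times, and return their sum read back through the final buffer. */
static unsigned long push_and_sum(size_t n) {
    ElemStack s = { NULL, 0, 0 };
    unsigned long sum = 0;
    for (size_t i = 0; i < n; i++) {
        if (!stack_push(&s, (unsigned int)i)) {
            free(s.fMap);
            return 0;
        }
    }
    for (size_t i = 0; i < s.fTop; i++)
        sum += s.fMap[i];
    free(s.fMap);
    return sum;
}

int main(void) {
    printf("first growth from NULL gives capacity %zu\n", grow_from_empty());
    printf("sum of 0..9 through a NULL-started stack: %lu\n", push_and_sum(10));
    (void)expand_unchecked; /* referenced only so -Wunused-function stays quiet */
    return 0;
}
```

Building this with `-fsanitize=undefined` and routing a push through `expand_unchecked` instead of `expand_checked` is what surfaces the report the issue mentions; the guarded version is silent because the only time the source is NULL is also the only time there is nothing to copy.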