Author: amassari
Date: Tue Apr 17 09:35:00 2012
New Revision: 1327014
URL: http://svn.apache.org/viewvc?rev=1327014&view=rev
Log:
Verify that the pooled string has the requested length, to avoid the case when
multiple strings share the same hash code and starts with the same substring
(XERCESC-1978)
Modified:
xerces/c/trunk/src/xercesc/dom/impl/DOMDocumentImpl.hpp
xerces/c/trunk/src/xercesc/dom/impl/DOMStringPool.hpp
Modified: xerces/c/trunk/src/xercesc/dom/impl/DOMDocumentImpl.hpp
URL:
http://svn.apache.org/viewvc/xerces/c/trunk/src/xercesc/dom/impl/DOMDocumentImpl.hpp?rev=1327014&r1=1327013&r2=1327014&view=diff
==============================================================================
--- xerces/c/trunk/src/xercesc/dom/impl/DOMDocumentImpl.hpp (original)
+++ xerces/c/trunk/src/xercesc/dom/impl/DOMDocumentImpl.hpp Tue Apr 17 09:35:00
2012
@@ -360,6 +360,7 @@ inline const XMLCh* DOMDocumentImpl::ge
{
if (in == 0)
return 0;
+ XMLSize_t n = XMLString::stringLen(in);
DOMStringPoolEntry **pspe;
DOMStringPoolEntry *spe;
@@ -368,7 +369,7 @@ inline const XMLCh* DOMDocumentImpl::ge
pspe = &fNameTable[inHash];
while (*pspe != 0)
{
- if (XMLString::equals((*pspe)->fString, in))
+ if ((*pspe)->fLength == n && XMLString::equals((*pspe)->fString, in))
return (*pspe)->fString;
pspe = &((*pspe)->fNext);
}
@@ -380,16 +381,16 @@ inline const XMLCh* DOMDocumentImpl::ge
// declared in the struct, so we don't need to add one again to
// account for the trailing null.
//
- XMLSize_t sizeToAllocate = sizeof(DOMStringPoolEntry) +
XMLString::stringLen(in)*sizeof(XMLCh);
+ XMLSize_t sizeToAllocate = sizeof(DOMStringPoolEntry) + n*sizeof(XMLCh);
*pspe = spe = (DOMStringPoolEntry *)allocate(sizeToAllocate);
+ spe->fLength = n;
spe->fNext = 0;
XMLString::copyString((XMLCh*)spe->fString, in);
return spe->fString;
}
-inline const XMLCh* DOMDocumentImpl::
-getPooledNString(const XMLCh *in, XMLSize_t n)
+inline const XMLCh* DOMDocumentImpl::getPooledNString(const XMLCh *in,
XMLSize_t n)
{
if (in == 0)
return 0;
@@ -401,7 +402,7 @@ getPooledNString(const XMLCh *in, XMLSiz
pspe = &fNameTable[inHash];
while (*pspe != 0)
{
- if (XMLString::equalsN((*pspe)->fString, in, n))
+ if ((*pspe)->fLength == n && XMLString::equalsN((*pspe)->fString, in, n))
return (*pspe)->fString;
pspe = &((*pspe)->fNext);
}
@@ -415,6 +416,7 @@ getPooledNString(const XMLCh *in, XMLSiz
//
XMLSize_t sizeToAllocate = sizeof(DOMStringPoolEntry) + n*sizeof(XMLCh);
*pspe = spe = (DOMStringPoolEntry *)allocate(sizeToAllocate);
+ spe->fLength = n;
spe->fNext = 0;
XMLString::copyNString((XMLCh*)spe->fString, in, n);
Modified: xerces/c/trunk/src/xercesc/dom/impl/DOMStringPool.hpp
URL:
http://svn.apache.org/viewvc/xerces/c/trunk/src/xercesc/dom/impl/DOMStringPool.hpp?rev=1327014&r1=1327013&r2=1327014&view=diff
==============================================================================
--- xerces/c/trunk/src/xercesc/dom/impl/DOMStringPool.hpp (original)
+++ xerces/c/trunk/src/xercesc/dom/impl/DOMStringPool.hpp Tue Apr 17 09:35:00
2012
@@ -43,13 +43,14 @@ class DOMDocumentImpl;
// hash table array itself is a pointer to the head
// of a singly-linked list of these structs.
//
-// Although this struct is delcared with a string length
of one,
+// Although this struct is declared with a string length
of one,
// the factory method allocates enough storage to hold
the full
// string length.
//
struct DOMStringPoolEntry
{
DOMStringPoolEntry *fNext;
+ XMLSize_t fLength;
XMLCh fString[1];
};
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
