Author: scantor Date: Mon Mar 2 18:05:51 2015 New Revision: 1663379 URL: http://svn.apache.org/r1663379 Log: Add Scott's GPG key to KEYS file
Modified: xerces/c/branches/xerces-3.1/KEYS xerces/c/branches/xerces-3.1/src/xercesc/internal/XMLReader.cpp Modified: xerces/c/branches/xerces-3.1/KEYS URL: http://svn.apache.org/viewvc/xerces/c/branches/xerces-3.1/KEYS?rev=1663379&r1=1663378&r2=1663379&view=diff ============================================================================== --- xerces/c/branches/xerces-3.1/KEYS (original) +++ xerces/c/branches/xerces-3.1/KEYS Mon Mar 2 18:05:51 2015 @@ -15,6 +15,7 @@ Boris Kolpackov bo...@kolpackov.net Tinny Ng t...@apache.org Gareth Reakes gar...@apache.org Neil Graham ne...@apache.org +Scott Cantor canto...@osu.edu -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.2.5 (GNU/Linux) 
@@ -224,3 +225,99 @@ smUlVt+wRiRQmIhJBBgRAgAJBQJAMSVjAhsMAAoJ HnUmiKj1nzOTMG+DlKq0AJ42j+nRdCDjdX6tK5/7cy5JnUe7bg== =jqXV -----END PGP PUBLIC KEY BLOCK----- + +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1 + +mQINBE56gwwBEADI6Y7tBIdYr8t0zfHU2hRbD7GfuanIkn4Fhf/CZ7ICN+SfA/XP +JAx3HDRkM/nc65U2mKG7vG3zlNOcKgeFoCwqhlLc4sSGP6DDoPYKtZOLEHwA/sIy +Lldw3re5KbCFIElnbBW/0av15IGHXgyylmG24jhlY/ufjLd53Qm4agxv51kdYdgH +cI0djzLqvMWTabWhw8QtmitPZSKdqOwTqkIt6bYAdOvc9r5bvAzemw6IO01L9aX7 +/yFIVJAYySL/UpbEtLcl3B/qXUXwhiq2bAUtvdmV+35FSMrAgfD25bYv+dVoJdtX +Gb4tQcPteSRDIQYswT+bilEtGOOu9vqLvko3hSHOK2Yqc8SufDakrOlCWO1R00Sw +QHGSkPKgA5O3RpOz3qbuPN6sDt/7FgqyzB6VqF9445bTqWDfIihXEAFr97gf28Xg +ngAn2Tp8ZZ6zTzYWv3/GGvCedCcrHrIG/nKf0Z0/1q9Uf8P7crv2udGuZjs3bMtY +RQNKzki/wKRuGnZ7HjgOEDIe8E+QMs+568i5vYqdaNrmCxUodRFjwkZ/0aRuHzxo +JNQaB/r2Ckj5X/yEX6f45D0hiwBmIFz2+VUnis7RAPelcUl1X/kT4p/3gvKSsFE0 +Ti7JWCY9e+ntnzcsb4ywisFen9tQQPP4G++qnhGyApz323LfDVPJkFWWJwARAQAB +tB9TY290dCBDYW50b3IgPGNhbnRvci4yQG9zdS5lZHU+iQI3BBMBCgAhBQJOeoMM +AhsDBQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAAAoJEDeLhFQCJ3li6fwP/10LcYMk +QhXODeO2+QkPTxM1VMxTBJCjM3ZX5ZpCCCUolJuhHlqNljpJUx6q2VP7UvNx1T1z +eWlCrScHUZnxaS6Bh0WTz/SeNdMj1PDWLZeGn+EokRTNSRzHU2XJgdnURCNb8pWe +rSuE8BuoMOXIRP+qj/fxKvNmo5q4zJ7y5P5qpQSUXxbdTuXi3gLuiWWfDJyFGs5o +4mNIDAu0rVYkid4OovHMO/5tWahkv7tXDuKvLjHBii9n7sKlpmyJxMkxi+j8Jcba +qHKu8nQNzEQh2GTQqI+SI/s13dvna8DhnfTKN/CqSgLVeWnN4Pi/uKX4vod1w6KC +Xg8OvzlSGij//lIHrni2ZMvZrfbDwacIr9vzJK7pfCVQhKJQAEoZ6vJwF5OHPrlz +xR3rseI/1AMrv6wSmoA3G5fUh/CEICe90Mpz3pjyQ7xoLil879tMWGGTIBExb3wJ +XI/hcLLA9dBDvnDl6RL/B5yArNiT/hLhofW8Su0N5jdYXkgM1MA5q7vju+Bt/yfP +SDEHBaAp2XCHXXOyUpXV8s8wvu2JXJPaJ3akYY47eBQnkG7gt5SQud1Bl4RFnBZx +3QiEOwQlYhrODSVsRYIu1bsJ/8HT9foxP3CrxqrrhQySyc5TqIj3VmQfeaPYjxPL +6eX5ldS3VxWCP4DJh3IchYsd9mRAu+QfmgnmiQIcBBMBAgAGBQJOe++jAAoJEPpB +tfcwojYumlUQAIDiXg0ErWbfzOIlnQgGVYEqBeLi/QsrSO/VauytDMtaKOgdJosy +33DNteMPICW6DGr7wZ89evduZXlnKjox4mLJsvNAJfNuw+Gk3eJPu1ECdTkRftB5 +/f3ShYcH0ZJOvaMTzLDd2bHdQYW4/gQuYcjLFi9ZJ1KMZM9E5U41Gu5Hr/JUKvPL 
+/nVU9ji/Dn0i/4nFuNjmITTRM21pc1wfYz0rvGfCuNIAYThxWIelXXaCpF0P3hfw +X/EoLE8P6QkJoAgoPa58Zx1qdptTqUz5TKuxw2+eleMNQUd2V0TbjnJ90GBubxEt +bMkkrP0RPP+ti2j4DoU1k9Ghxtp5K/QDUnq/kySao1UhI5HHILOeG77fSzYqfDYy +fTaq4z8LFp3Gus3/dlYZxq3b1Hcobs4X2oQxX7k0nzgwc2qZR0JhKN0quHhUZly8 +D/4qvEN2Uqa6TkuPlC1vdAC/SqXpxQQQn56S6fNCZbxQfPhc7Anmvc4jXC4Z09KE +roi0uWzZbcfG7e8NEVba2tuPn8YefrtokJGqQu3FGmA3ij1g+8LyR2PxY7+IzDXT +Ds5+msQDxLUKOc7CRnBDoyqv4llmT8woUcB7LAiIsTWLVU96Xazijs1dpoW2GgVH +fdEhbcswYVSzJ+rIv+1EbMMbd+yjlU7L/h+Ia6UnxitZb0qNca51AhvciEYEEBEK +AAYFAk6ApGIACgkQpXtW80eQXRUgxwCePIV9LehYh+Jio8mtQ74I/NWvfDQAoLmX +TfmKAganE+r/FcCcwykzj70ViEYEEBECAAYFAk6DTO8ACgkQ70D8KeoogrukNwCd +GX5zZOsC44CjV2AopI8KoMFJto4AoMH+qA35GIBUkEt8IoRVFs1rp3TGiQEcBBAB +AgAGBQJOfS4aAAoJEH8LUwap169VyrAH/1lrWiCJarm8eFLNlajcDt5TR5ZpanZV +UbuzAp9Jk8XtBkCMssnuzcqqSbGmq3P6CuaSTx0BybBOhRgC+UCb/DCS0TGomJYU +TcG7e7MyJZC4ocarORGURABk1UK/fkgEBn+9o2jdDlf7bm7JHlZJ8huLjiAq5fap +zp5WhTUAcreHjYieTS5umt01yxFatxhqiTbNXzs1c7Hc19rW4cTLREm6YQUNwTIx +qJ2hHyDfU13ephowv1DpoAwLXdHAsNy/C8RKRlr0Qc4snihVkGevLNWatYK4HP6M +0tEvGX9CpnTXpOsLZkfp96RMtE2TEvMEEA0HVoZPE7/kCyYR5DForeqJAhwEEAEC +AAYFAk6DkGAACgkQmoBOl9cHnHeZQw//QoUi0oP1lp7MjbFKGovCiCQU1qE0YEDH +pkkDxwj/yoGK3ylOGd32regz3TuoV4AP7ZF7eZvrIXsVB5p2b8FL4IkBJi9/cXUJ +dZ+cy/0Cd7vivd48nEBTNZvHNkyKyjFW8/FcE2IyylJIb9acV2WnZgGqfOMp8k/l +KczfzNaaV3FFVY15Q1Q7heSUiAof85/dxAOoW0i1j7dmRNEKRHIme0v71Qv+J714 +c95ujg1d83rIa5uVfD/EeBbJn9WvRWO7OPYylhuyJHurtvQ2CJL9/RUL3mIsaNxT +HweXfKuLsyYoIkQL7HpDIGDpZ5jPMrvSSeP/8wgY/NUNrXhYsVK00Djd+vV925xD +rdA46pNEF4FwlL4WFHZgGurPxGYJ4MXleWsQ21t70GvTJIt1FrF55aYuHJcf5x+8 +VinG2tu1pCJg5b94OJ9km1BY/xjgnNwxafqplsBVfMjLN9NM0j2wKq/glztBgIra +KqZocQi5omrmhiJp1qrdOdWFhRtIY2kCyoX48137FbshAw/O9ETF6p5EuKEHd+Tj +stThW6oIIcbSV6PKAi9n0cL5URL9JKO1+q6QsT4YssuixaB0bfuF9BuYdvy2xoyF +eKD4uN+qScqM2/N5Aoechj9aIfhqyhX4Ex8WpKdzEzV84pfGvvWk8kEZQESHr2hZ +RqykkdLpqmqJAhwEEAECAAYFAk6UUdsACgkQoLPLCdKzc1MFWw/+Ln0WSpZa6HHr +7v+zBIjT8gWKNcTh4QY11wSmamZmFJ6FpnKfJsQBnSw5h6yhZ4uL+pr/XhznDZJY 
+yhdR3novamyrBfVJHkpQjcxC80aECdsIz+3p1vNEKBFnADez90gUcFRNVxd8waOZ +sDf0VwRsu8cv+umMt+/LrpwsJz8mWmzU1qzITiAMN0IXdnzAqA7fOrFZvcfAn0My +SPGDyThUsG0rl2DJH8f1WvbDuQPSw2l+/Wm2nxwB4sCQYhnrvFu1cCWIeWnK/5U1 +EG1FvB5XKOSCs90Y3fLe6nwlqXAC0dqTj2CWoove5RKJ67U/R8foi/YJmvTzdQ/N +Lcu2zGGLTnTLJLnR/Fw9BQShItFYk/N5c5dls90/9iDXSbLhy4SzKPkdsKxPTOIy +7Kej+KkSdzVaYw5DXtwl8FUIEOkPhI7Vxm+eNTL2WNeONqRzxO3OnkwyIMOT+y6R +9CXIpv4l0HaT1mqXSwdc8Z7ZgkcmMg2IXdCjb1jQ0bK/jwBNlyvNig/Hxdq95vHl +C5uG7hgPLX9rKrkOStqJC5WU9TSyF5oE4Ug4EgY8v4hVM/eQJrWHctnqk+aEYFwL +CQyjApfpzuf9bCEQNbER2lwpz3M0JIl4SonYlTrkaZE4cd5jMWISFdsGAhv6RKaH +gh5LlDIgQ0kaRg2sbnEECUfa/N8SuSS5Ag0ETnqDDAEQALc2/PpXjPRCzIk4MG+B +BisGO8DbepljnK5b8KfppxjeFTyWtH7Q5/5Bcj8bRZIOKFZR5Zj1BpOUbpEa5fSt +6sxzLlmvjaoYzOvRcPYWZbwnC9G6qqvwigdBsiV/259lf1kYALlUAC/D+HwEP7fE +n/NJU00ONCJhOhf/5+dgBbCtEufoBu9YggDWOg7jM+BlD28E1dRSmammFXYs+BK8 +Xf6mrqzw3IHGqrYkkJzn+qq2CF/y2asEK6RJq7o/JecT9TfHky7cdIlv5gdAF2Mh +9nl5rXJR02B476D4GWo0jtqG5y3Q54Kiecx2V5Al+ESxYAqv9wODb8SzrVQ2MoiA +9x3ENeu2g26YzB3rZXlClzFiAOP+qPlmbPW4W4H+sQ2u90KroPET+FV+xQaxHtrN +MXHPXdeWGwPKxq6uI7xgd4VBMP7Sv97lbn7fpkax6jRRIyrOPTCk3PL7uAssUDdt +TunX66f/ODA/d1Y0FJGFKy9s8WyXAb0EwOUrhNJqgUf3vCB/FAWJrjOJ1nVLhzU7 +MCqs0bAKnT32dWzZ36PXpqTRRJdpntiF4TYIgaW6RhBVmNNmxF3bQiHf4aTDYRN8 +uqcScE7cao9SsPrt9qnC9JbMM+bQhdAq1uYWvVA8zucR95GNffzV1J29lhTalYst +NisKWxxuY0HENtOgJsKPxbp9ABEBAAGJAh8EGAEKAAkFAk56gwwCGwwACgkQN4uE +VAIneWI8hA//b89SV9KuExBVcc4JWvAW4VcJWl6DpmyXDscPJ3tqjtzWfnnJ6Fkt +HQ0XtQCS3GgIAtocKQ6Wdzq+WwqUElAZcHQP68TjCaJuximDvaBqeeFfnIzZcyaW +9dXCrmM4+h3ZlRim86OuRvLWFCtHw07I1llODIexwM7WR/VJodHvddNw35Bn9rkv +HgPFlXNrAcArZXyU4pciey8VTvr36HW/USkz8dDxm0ATWxWsZiuuEs+MY1VE2Yh5 +/Y99va0w7+8s0Lgojvglksu04u/PW0XFID1r9m24OFJUz5+NDiHwFG/7NT9/Sd5S +A4OBrLWXAYxjU2uaOubRd5tPrNpg2wwE6Bqs6r9HxxOogw73LbnRWaFG4Cf+Q0qr +AOV3uVQkUb8Ed0vbeziUuHkHcQ2FsYDxoaKLzXcz3j023SH5FgcPlsKJI9K7AFCn +8e412bY2F3xujSXRB6hkC2Hltt5DJsSHaGNY41jhCcHQ9KvKezNmrpvTXI59bFv0 +VDzy7vlN67Y3On4X+FVqb6ejVae2vP+nIEk2S+Hmr2CDrlwwmuOCrJxoVqTwTiTX 
+mVrwpIBjQlG8wK563t4g053+oidWjK106DfN/CFdrL4n5ALxJzJIWH41IAyBTjDq +7Hy4UVCwEes88l4iYs50+q45cZYsbCms8svXSwt6pcAuKQiKaJdECm0= +=ShRP +-----END PGP PUBLIC KEY BLOCK----- + Modified: xerces/c/branches/xerces-3.1/src/xercesc/internal/XMLReader.cpp URL: http://svn.apache.org/viewvc/xerces/c/branches/xerces-3.1/src/xercesc/internal/XMLReader.cpp?rev=1663379&r1=1663378&r2=1663379&view=diff ============================================================================== --- xerces/c/branches/xerces-3.1/src/xercesc/internal/XMLReader.cpp (original) +++ xerces/c/branches/xerces-3.1/src/xercesc/internal/XMLReader.cpp Mon Mar 2 18:05:51 2015 @@ -31,7 +31,6 @@ #include <xercesc/util/XMLEBCDICTranscoder.hpp> #include <xercesc/util/XMLString.hpp> #include <xercesc/util/Janitor.hpp> - XERCES_CPP_NAMESPACE_BEGIN // --------------------------------------------------------------------------- @@ -1460,6 +1459,17 @@ void XMLReader::doInitDecode() while (fRawBufIndex < fRawBytesAvail) { + // Security fix: make sure there are at least sizeof(UCS4Ch) bytes to consume. + if (fRawBufIndex + sizeof(UCS4Ch) > fRawBytesAvail) { + ThrowXMLwithMemMgr1 + ( + TranscodingException + , XMLExcepts::Reader_CouldNotDecodeFirstLine + , fSystemId + , fMemoryManager + ); + } + // Get out the current 4 byte value and inc our raw buf index UCS4Ch curVal = *asUCS++; fRawBufIndex += sizeof(UCS4Ch); @@ -1619,6 +1629,17 @@ void XMLReader::doInitDecode() while (fRawBufIndex < fRawBytesAvail) { + // Security fix: make sure there are at least sizeof(UTF16Ch) bytes to consume. + if (fRawBufIndex + sizeof(UTF16Ch) > fRawBytesAvail) { + ThrowXMLwithMemMgr1 + ( + TranscodingException + , XMLExcepts::Reader_CouldNotDecodeFirstLine + , fSystemId + , fMemoryManager + ); + } + // Get out the current 2 byte value UTF16Ch curVal = *asUTF16++; fRawBufIndex += sizeof(UTF16Ch); 
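Review bot: The guard added to the UCS-4 loop in doInitDecode() is written as `fRawBufIndex + sizeof(UCS4Ch) > fRawBytesAvail`, which depends on the addition not wrapping. The loop condition already guarantees `fRawBufIndex < fRawBytesAvail`, so, assuming both are unsigned sizes, `if (fRawBytesAvail - fRawBufIndex < sizeof(UCS4Ch))` makes the same check without that dependency. The UTF-16 guard in the following hunk has the same shape with `sizeof(UTF16Ch)`. The "Security fix" comments would also help more if they named what is protected, e.g. `// The loop condition only guarantees one byte is left; *asUCS++ reads sizeof(UCS4Ch) bytes, so reject a truncated trailing unit.` Both loops begin and end outside their hunks, so how asUCS and asUTF16 relate to the raw buffer is not visible here.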
@@ -1708,6 +1729,17 @@ void XMLReader::doInitDecode()
 //
 void XMLReader::refreshRawBuffer()
 {
+ // Security fix: make sure we don't underflow on the subtraction.
+ if (fRawBufIndex > fRawBytesAvail) {
+ ThrowXMLwithMemMgr1
+ (
+ RuntimeException
+ , XMLExcepts::Str_StartIndexPastEnd
+ , fSystemId
+ , fMemoryManager
+ );
+ }
+
 //
 // If there are any bytes left, move them down to the start. There
 // should only ever be (max bytes per char - 1) at the most.
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@xerces.apache.org
For additional commands, e-mail: commits-h...@xerces.apache.org
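Review bot: The guard added at the top of refreshRawBuffer() reports an inconsistent reader state with `XMLExcepts::Str_StartIndexPastEnd`, a string-index message code, and passes `fSystemId` as its single text argument. Whether that message has a placeholder for the argument is not visible here, so the system id may never appear in the error text. A reader-specific code would make the failure easier to triage; the decode guards in doInitDecode() use `XMLExcepts::Reader_CouldNotDecodeFirstLine`. The comment mentions "the subtraction" without naming it, and that expression lies below the hunk; a wording such as `// fRawBufIndex must not exceed fRawBytesAvail: the bytes-left computation below would otherwise wrap.` keeps the reason next to the check. The function body continues outside the hunk.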