Author: scantor
Date: Mon Mar  2 18:05:51 2015
New Revision: 1663379

URL: http://svn.apache.org/r1663379
Log:
Add Scott's GPG key to KEYS file

Modified:
    xerces/c/branches/xerces-3.1/KEYS
    xerces/c/branches/xerces-3.1/src/xercesc/internal/XMLReader.cpp

Modified: xerces/c/branches/xerces-3.1/KEYS
URL: 
http://svn.apache.org/viewvc/xerces/c/branches/xerces-3.1/KEYS?rev=1663379&r1=1663378&r2=1663379&view=diff
==============================================================================
--- xerces/c/branches/xerces-3.1/KEYS (original)
+++ xerces/c/branches/xerces-3.1/KEYS Mon Mar  2 18:05:51 2015
@@ -15,6 +15,7 @@ Boris Kolpackov     bo...@kolpackov.net
 Tinny Ng            t...@apache.org
 Gareth Reakes       gar...@apache.org
 Neil Graham         ne...@apache.org
+Scott Cantor        canto...@osu.edu
 
 -----BEGIN PGP PUBLIC KEY BLOCK-----
 Version: GnuPG v1.2.5 (GNU/Linux)
@@ -224,3 +225,99 @@ smUlVt+wRiRQmIhJBBgRAgAJBQJAMSVjAhsMAAoJ
 HnUmiKj1nzOTMG+DlKq0AJ42j+nRdCDjdX6tK5/7cy5JnUe7bg==
 =jqXV
 -----END PGP PUBLIC KEY BLOCK-----
+
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v1
+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+=ShRP
+-----END PGP PUBLIC KEY BLOCK-----
+

Modified: xerces/c/branches/xerces-3.1/src/xercesc/internal/XMLReader.cpp
URL: 
http://svn.apache.org/viewvc/xerces/c/branches/xerces-3.1/src/xercesc/internal/XMLReader.cpp?rev=1663379&r1=1663378&r2=1663379&view=diff
==============================================================================
--- xerces/c/branches/xerces-3.1/src/xercesc/internal/XMLReader.cpp (original)
+++ xerces/c/branches/xerces-3.1/src/xercesc/internal/XMLReader.cpp Mon Mar  2 18:05:51 2015
@@ -31,7 +31,6 @@
 #include <xercesc/util/XMLEBCDICTranscoder.hpp>
 #include <xercesc/util/XMLString.hpp>
 #include <xercesc/util/Janitor.hpp>
-
 XERCES_CPP_NAMESPACE_BEGIN
 
 // ---------------------------------------------------------------------------
@@ -1460,6 +1459,17 @@ void XMLReader::doInitDecode()
 
             while (fRawBufIndex < fRawBytesAvail)
             {
+                // Security fix: make sure there are at least sizeof(UCS4Ch) bytes to consume.
+                if (fRawBufIndex + sizeof(UCS4Ch) > fRawBytesAvail) {
+                    ThrowXMLwithMemMgr1
+                    (
+                        TranscodingException
+                        , XMLExcepts::Reader_CouldNotDecodeFirstLine
+                        , fSystemId
+                        , fMemoryManager
+                    );
+                }
+
                 // Get out the current 4 byte value and inc our raw buf index
                 UCS4Ch curVal = *asUCS++;
                 fRawBufIndex += sizeof(UCS4Ch);
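Review bot: The guard at the top of the UCS-4 loop is written as `fRawBufIndex + sizeof(UCS4Ch) > fRawBytesAvail`, which relies on the addition not wrapping. Because the loop condition already guarantees `fRawBufIndex < fRawBytesAvail`, the subtraction form `if (fRawBytesAvail - fRawBufIndex < sizeof(UCS4Ch)) {` expresses the same check without that assumption; the member types are not visible here, so this is hardening rather than a known bug. The same guard is repeated for `UTF16Ch` in the later loop of doInitDecode() and would take the same form. The comment could also name what is prevented, for example `// A trailing partial character must not be read: *asUCS++ would run past fRawBytesAvail.` Note that the commit log mentions only the KEYS change, so this fix is hard to find when auditing or backporting; the loop body continues outside the hunk.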
@@ -1619,6 +1629,17 @@ void XMLReader::doInitDecode()
 
             while (fRawBufIndex < fRawBytesAvail)
             {
+                // Security fix: make sure there are at least sizeof(UTF16Ch) bytes to consume.
+                if (fRawBufIndex + sizeof(UTF16Ch) > fRawBytesAvail) {
+                    ThrowXMLwithMemMgr1
+                    (
+                        TranscodingException
+                        , XMLExcepts::Reader_CouldNotDecodeFirstLine
+                        , fSystemId
+                        , fMemoryManager
+                    );
+                }
+
                 // Get out the current 2 byte value
                 UTF16Ch curVal = *asUTF16++;
                 fRawBufIndex += sizeof(UTF16Ch);
@@ -1708,6 +1729,17 @@ void XMLReader::doInitDecode()
 //
 void XMLReader::refreshRawBuffer()
 {
+    // Security fix: make sure we don't underflow on the subtraction.
+    if (fRawBufIndex > fRawBytesAvail) {
+        ThrowXMLwithMemMgr1
+        (
+            RuntimeException
+            , XMLExcepts::Str_StartIndexPastEnd
+            , fSystemId
+            , fMemoryManager
+        );
+    }
+
     //
     //  If there are any bytes left, move them down to the start. There
     //  should only ever be (max bytes per char - 1) at the most.
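Review bot: The guard added at the top of refreshRawBuffer() only detects an index that is already past `fRawBytesAvail`, so whatever advanced it has run before this point. It is a reasonable backstop, but the comment refers to "the subtraction", which is outside the hunk, and does not say what goes wrong. Suggested wording: `// Backstop: the leftover-byte count computed below is unsigned, so an index past fRawBytesAvail would wrap to a huge value.` The count is presumably `fRawBytesAvail - fRawBufIndex`; confirm against the function body, which continues beyond the hunk. It is also worth checking that `XMLExcepts::Str_StartIndexPastEnd` takes a replacement parameter, since `fSystemId` is passed as one through `ThrowXMLwithMemMgr1`.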


