Author: scantor
Date: Wed Jun 21 22:32:05 2017
New Revision: 1799527
URL: http://svn.apache.org/viewvc?rev=1799527&view=rev
Log:
Port XERCESC-2066,2069 from 3.1 branch.
Modified:
xerces/c/trunk/ (props changed)
xerces/c/trunk/src/xercesc/validators/DTD/DTDScanner.cpp
xerces/c/trunk/src/xercesc/validators/DTD/DTDScanner.hpp
Propchange: xerces/c/trunk/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Wed Jun 21 22:32:05 2017
@@ -1 +1 @@
-/xerces/c/branches/xerces-3.1:1662879,1662887,1662893-1662894,1663359,1663377,1726088,1747618
+/xerces/c/branches/xerces-3.1:1662879,1662887,1662893-1662894,1663359,1663377,1726088,1747618-1747619
Modified: xerces/c/trunk/src/xercesc/validators/DTD/DTDScanner.cpp
URL:
http://svn.apache.org/viewvc/xerces/c/trunk/src/xercesc/validators/DTD/DTDScanner.cpp?rev=1799527&r1=1799526&r2=1799527&view=diff
==============================================================================
--- xerces/c/trunk/src/xercesc/validators/DTD/DTDScanner.cpp (original)
+++ xerces/c/trunk/src/xercesc/validators/DTD/DTDScanner.cpp Wed Jun 21
22:32:05 2017
@@ -44,6 +44,8 @@
XERCES_CPP_NAMESPACE_BEGIN
+#define CONTENTSPEC_DEPTH_LIMIT 1000
+
// ---------------------------------------------------------------------------
// Local methods
// ---------------------------------------------------------------------------
@@ -1038,8 +1040,13 @@ bool DTDScanner::scanCharRef(XMLCh& firs
ContentSpecNode*
-DTDScanner::scanChildren(const DTDElementDecl& elemDecl, XMLBuffer& bufToUse)
+DTDScanner::scanChildren(const DTDElementDecl& elemDecl, XMLBuffer& bufToUse,
unsigned int& depth)
{
+ if (depth++ > CONTENTSPEC_DEPTH_LIMIT) {
+ fScanner->emitError(XMLErrs::UnterminatedDOCTYPE);
+ return 0;
+ }
+
// Check for a PE ref here, but don't require spaces
checkForPERef(false, true);
@@ -1240,7 +1247,7 @@ DTDScanner::scanChildren(const DTDElemen
// Recurse to handle this new guy
ContentSpecNode* subNode;
try {
- subNode = scanChildren(elemDecl, bufToUse);
+ subNode = scanChildren(elemDecl, bufToUse, depth);
}
catch (const XMLErrs::Codes)
{
@@ -1577,7 +1584,8 @@ bool DTDScanner::scanContentSpec(DTDElem
//
toFill.setModelType(DTDElementDecl::Children);
XMLBufBid bbTmp(fBufMgr);
- ContentSpecNode* resNode = scanChildren(toFill, bbTmp.getBuffer());
+ unsigned int depth = 0;
+ ContentSpecNode* resNode = scanChildren(toFill, bbTmp.getBuffer(),
depth);
status = (resNode != 0);
if (status)
toFill.setContentSpec(resNode);
@@ -2509,7 +2517,15 @@ void DTDScanner::scanExtSubsetDecl(const
{
while (true)
{
- const XMLCh nextCh = fReaderMgr->peekNextChar();
+ XMLCh nextCh;
+
+ try {
+ nextCh = fReaderMgr->peekNextChar();
+ }
+ catch (XMLException& ex) {
+ fScanner->emitError(XMLErrs::XMLException_Fatal,
ex.getCode(), ex.getMessage(), NULL, NULL);
+ nextCh = chNull;
+ }
if (!nextCh)
{
Modified: xerces/c/trunk/src/xercesc/validators/DTD/DTDScanner.hpp
URL:
http://svn.apache.org/viewvc/xerces/c/trunk/src/xercesc/validators/DTD/DTDScanner.hpp?rev=1799527&r1=1799526&r2=1799527&view=diff
==============================================================================
--- xerces/c/trunk/src/xercesc/validators/DTD/DTDScanner.hpp (original)
+++ xerces/c/trunk/src/xercesc/validators/DTD/DTDScanner.hpp Wed Jun 21
22:32:05 2017
@@ -143,6 +143,7 @@ private:
(
const DTDElementDecl& elemDecl
, XMLBuffer& bufToUse
+ , unsigned int& depth
);
bool scanCharRef(XMLCh& toFill, XMLCh& second);
void scanComment();
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
