Author: scantor
Date: Thu Jun 22 18:14:37 2017
New Revision: 1799602

URL: http://svn.apache.org/viewvc?rev=1799602&view=rev
Log:
Port fixes from 3.1 branch for XERCESC-2046, 2061.

Modified:
    xerces/c/trunk/   (props changed)
    xerces/c/trunk/src/xercesc/internal/XMLReader.cpp
    xerces/c/trunk/src/xercesc/util/XMLURL.cpp
    xerces/c/trunk/src/xercesc/util/XMLUri.cpp

Propchange: xerces/c/trunk/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Thu Jun 22 18:14:37 2017
@@ -1 +1 @@
-/xerces/c/branches/xerces-3.1:1662879,1662887,1662893-1662894,1663359,1663377,1726088,1747618-1747620
+/xerces/c/branches/xerces-3.1:1662879,1662887,1662893-1662894,1663359,1663377,1667870,1726088,1727978,1747618-1747620

Modified: xerces/c/trunk/src/xercesc/internal/XMLReader.cpp
URL: 
http://svn.apache.org/viewvc/xerces/c/trunk/src/xercesc/internal/XMLReader.cpp?rev=1799602&r1=1799601&r2=1799602&view=diff
==============================================================================
--- xerces/c/trunk/src/xercesc/internal/XMLReader.cpp (original)
+++ xerces/c/trunk/src/xercesc/internal/XMLReader.cpp Thu Jun 22 18:14:37 2017
@@ -1442,6 +1442,39 @@ void XMLReader::doInitDecode()
 
             while (fRawBufIndex < fRawBytesAvail)
             {
+                // Make sure there are at least sizeof(UCS4Ch) bytes to 
consume.
+                if (fRawBufIndex + sizeof(UCS4Ch) > fRawBytesAvail) {
+                    fCharsAvail = 0;
+                    fRawBufIndex = 0;
+                    fMemoryManager->deallocate(fPublicId);
+                    fMemoryManager->deallocate(fEncodingStr);
+                    ArrayJanitor<XMLCh> janValue(fSystemId, fMemoryManager);
+                    ThrowXMLwithMemMgr1
+                    (
+                        TranscodingException
+                        , XMLExcepts::Reader_CouldNotDecodeFirstLine
+                        , fSystemId
+                        , fMemoryManager
+                    );
+                }
+
+                // Make sure we don't exhaust the limited prolog buffer size.
+                // Leave room for a space added at the end of this function.
+                if (fCharsAvail == kCharBufSize - 1) {
+                    fCharsAvail = 0;
+                    fRawBufIndex = 0;
+                    fMemoryManager->deallocate(fPublicId);
+                    fMemoryManager->deallocate(fEncodingStr);
+                    ArrayJanitor<XMLCh> janValue(fSystemId, fMemoryManager);
+                    ThrowXMLwithMemMgr1
+                    (
+                        TranscodingException
+                        , XMLExcepts::Reader_CouldNotDecodeFirstLine
+                        , fSystemId
+                        , fMemoryManager
+                    );
+                }
+
                 // Get out the current 4 byte value and inc our raw buf index
                 UCS4Ch curVal = *asUCS++;
                 fRawBufIndex += sizeof(UCS4Ch);
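Review bot: The prolog-buffer guard `if (fCharsAvail == kCharBufSize - 1)` fires only on an exact match; written as `if (fCharsAvail >= kCharBufSize - 1)` it fails closed if the counter ever arrives here already past the limit. The same comparison is used in the hunks at -1518, -1601 and -1636. The cleanup-and-throw sequence (reset both indexes, deallocate fPublicId and fEncodingStr, janitor on fSystemId, throw Reader_CouldNotDecodeFirstLine) is now pasted six times in doInitDecode(); a small private helper would keep the copies from drifting apart. The function body starts and ends outside this hunk.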
@@ -1518,6 +1551,23 @@ void XMLReader::doInitDecode()
                 const char curCh = *asChars++;
                 fRawBufIndex++;
 
+                // Make sure we don't exhaust the limited prolog buffer size.
+                // Leave room for a space added at the end of this function.
+                if (fCharsAvail == kCharBufSize - 1) {
+                    fCharsAvail = 0;
+                    fRawBufIndex = 0;
+                    fMemoryManager->deallocate(fPublicId);
+                    fMemoryManager->deallocate(fEncodingStr);
+                    ArrayJanitor<XMLCh> janValue(fSystemId, fMemoryManager);
+                    ThrowXMLwithMemMgr1
+                    (
+                        TranscodingException
+                        , XMLExcepts::Reader_CouldNotDecodeFirstLine
+                        , fSystemId
+                        , fMemoryManager
+                    );
+                }
+
                 // Looks ok, so store it
                 fCharSizeBuf[fCharsAvail] = 1;
                 fCharBuf[fCharsAvail++] = XMLCh(curCh);
@@ -1601,6 +1651,39 @@ void XMLReader::doInitDecode()
 
             while (fRawBufIndex < fRawBytesAvail)
             {
+                // Make sure there are at least sizeof(UTF16Ch) bytes to 
consume.
+                if (fRawBufIndex + sizeof(UTF16Ch) > fRawBytesAvail) {
+                    fCharsAvail = 0;
+                    fRawBufIndex = 0;
+                    fMemoryManager->deallocate(fPublicId);
+                    fMemoryManager->deallocate(fEncodingStr);
+                    ArrayJanitor<XMLCh> janValue(fSystemId, fMemoryManager);
+                    ThrowXMLwithMemMgr1
+                    (
+                        TranscodingException
+                        , XMLExcepts::Reader_CouldNotDecodeFirstLine
+                        , fSystemId
+                        , fMemoryManager
+                    );
+                }
+
+                // Make sure we don't exhaust the limited prolog buffer size.
+                // Leave room for a space added at the end of this function.
+                if (fCharsAvail == kCharBufSize - 1) {
+                    fCharsAvail = 0;
+                    fRawBufIndex = 0;
+                    fMemoryManager->deallocate(fPublicId);
+                    fMemoryManager->deallocate(fEncodingStr);
+                    ArrayJanitor<XMLCh> janValue(fSystemId, fMemoryManager);
+                    ThrowXMLwithMemMgr1
+                    (
+                        TranscodingException
+                        , XMLExcepts::Reader_CouldNotDecodeFirstLine
+                        , fSystemId
+                        , fMemoryManager
+                    );
+                }
+
                 // Get out the current 2 byte value
                 UTF16Ch curVal = *asUTF16++;
                 fRawBufIndex += sizeof(UTF16Ch);
@@ -1636,6 +1719,24 @@ void XMLReader::doInitDecode()
                 const XMLCh chCur = 
XMLEBCDICTranscoder::xlatThisOne(*srcPtr++);
                 fRawBufIndex++;
 
+                // Make sure we don't exhaust the limited prolog buffer size.
+                // Leave room for a space added at the end of this function.
+                if (fCharsAvail == kCharBufSize - 1) {
+                    fCharsAvail = 0;
+                    fRawBufIndex = 0;
+                    fMemoryManager->deallocate(fPublicId);
+                    fMemoryManager->deallocate(fEncodingStr);
+                    ArrayJanitor<XMLCh> janValue(fSystemId, fMemoryManager);
+                    ThrowXMLwithMemMgr1
+                    (
+                        TranscodingException
+                        , XMLExcepts::Reader_CouldNotDecodeFirstLine
+                        , fSystemId
+                        , fMemoryManager
+                    );
+                }
+
+
                 //
                 //  And put it into the character buffer. This stuff has to
                 //  look like it was normally transcoded.
@@ -1690,6 +1791,17 @@ void XMLReader::doInitDecode()
 //
 void XMLReader::refreshRawBuffer()
 {
+    // Make sure we don't underflow on the subtraction.
+    if (fRawBufIndex > fRawBytesAvail) {
+        ThrowXMLwithMemMgr1
+        (
+            RuntimeException
+            , XMLExcepts::Str_StartIndexPastEnd
+            , fSystemId
+            , fMemoryManager
+        );
+    }
+
     //
     //  If there are any bytes left, move them down to the start. There
     //  should only ever be (max bytes per char - 1) at the most.
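Review bot: The comment `// Make sure we don't underflow on the subtraction.` refers to a subtraction that lies outside this hunk, so a reader of the guard alone cannot tell which expression it protects. Naming it would help, e.g. `// fRawBytesAvail - fRawBufIndex below would wrap if the index is past the end.`, assuming that is the expression meant. The rest of refreshRawBuffer() is not visible here.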

Modified: xerces/c/trunk/src/xercesc/util/XMLURL.cpp
URL: 
http://svn.apache.org/viewvc/xerces/c/trunk/src/xercesc/util/XMLURL.cpp?rev=1799602&r1=1799601&r2=1799602&view=diff
==============================================================================
--- xerces/c/trunk/src/xercesc/util/XMLURL.cpp (original)
+++ xerces/c/trunk/src/xercesc/util/XMLURL.cpp Thu Jun 22 18:14:37 2017
@@ -611,9 +611,20 @@ BinInputStream* XMLURL::makeNewStream()
 
             while (percentIndex != -1) {
 
-                if (percentIndex+2 >= (int)end ||
-                    !isHexDigit(realPath[percentIndex+1]) ||
-                    !isHexDigit(realPath[percentIndex+2]))
+               // Isolate the length/boundary check so we don't try and copy 
off the end.
+                if (percentIndex+2 >= (int)end)
+                {
+                    XMLCh value1[3];
+                    value1[1] = chNull;
+                    value1[2] = chNull;
+                                       XMLString::moveChars(value1, 
&(realPath[percentIndex]), (percentIndex + 1 >= (int)end ? 1 : 2));
+                    ThrowXMLwithMemMgr2(MalformedURLException
+                            , 
XMLExcepts::XMLNUM_URI_Component_Invalid_EscapeSequence
+                            , realPath
+                            , value1
+                            , fMemoryManager);
+                }
+                else if (!isHexDigit(realPath[percentIndex+1]) || 
!isHexDigit(realPath[percentIndex+2]))
                 {
                     XMLCh value1[4];
                     XMLString::moveChars(value1, &(realPath[percentIndex]), 3);
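Review bot: In the new short-escape branch the terminator is set up by hand (`value1[1] = chNull; value1[2] = chNull;`) ahead of a 1- or 2-character moveChars, which is correct but easy to break in a later edit; `XMLCh value1[3] = { chNull, chNull, chNull };` states the invariant in one line. The moveChars line and the leading comment also appear to be indented differently from the surrounding code (probably tabs), which is worth normalising. makeNewStream() continues outside the hunk.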

Modified: xerces/c/trunk/src/xercesc/util/XMLUri.cpp
URL: 
http://svn.apache.org/viewvc/xerces/c/trunk/src/xercesc/util/XMLUri.cpp?rev=1799602&r1=1799601&r2=1799602&view=diff
==============================================================================
--- xerces/c/trunk/src/xercesc/util/XMLUri.cpp (original)
+++ xerces/c/trunk/src/xercesc/util/XMLUri.cpp Thu Jun 22 18:14:37 2017
@@ -858,11 +858,21 @@ void XMLUri::initializePath(const XMLCh*
                 // check for valid escape sequence
                 if (testChar == chPercent)
                 {
-                    if (index+2 >= end ||
-                        !XMLString::isHex(uriSpec[index+1]) ||
-                        !XMLString::isHex(uriSpec[index+2]))
+                    if (index + 2 >= end)
                     {
-                        XMLCh value1[BUF_LEN+1];
+                        XMLCh value1[3];
+                        value1[1] = chNull;
+                        value1[2] = chNull;
+                        XMLString::moveChars(value1, &(uriSpec[index]), (index 
+ 1 >= end ? 1 : 2));
+                        ThrowXMLwithMemMgr2(MalformedURLException
+                            , 
XMLExcepts::XMLNUM_URI_Component_Invalid_EscapeSequence
+                            , errMsg_PATH
+                            , value1
+                            , fMemoryManager);
+                    }
+                    else if (!XMLString::isHex(uriSpec[index+1]) || 
!XMLString::isHex(uriSpec[index+2]))
+                    {
+                        XMLCh value1[4];
                         XMLString::moveChars(value1, &(uriSpec[index]), 3);
                         value1[3] = chNull;
                         ThrowXMLwithMemMgr2(MalformedURLException
@@ -875,7 +885,7 @@ void XMLUri::initializePath(const XMLCh*
                 else if (!isUnreservedCharacter(testChar) &&
                          !isPathCharacter(testChar))
                 {
-                    XMLCh value1[BUF_LEN+1];
+                    XMLCh value1[2];
                     value1[0] = testChar;
                     value1[1] = chNull;
                     ThrowXMLwithMemMgr2(MalformedURLException
@@ -903,11 +913,21 @@ void XMLUri::initializePath(const XMLCh*
                 // check for valid escape sequence
                 if (testChar == chPercent)
                 {
-                    if (index+2 >= end ||
-                        !XMLString::isHex(uriSpec[index+1]) ||
-                        !XMLString::isHex(uriSpec[index+2]))
+                    if (index + 2 >= end)
                     {
-                        XMLCh value1[BUF_LEN+1];
+                        XMLCh value1[3];
+                        value1[1] = chNull;
+                        value1[2] = chNull;
+                        XMLString::moveChars(value1, &(uriSpec[index]), (index 
+ 1 >= end ? 1 : 2));
+                        ThrowXMLwithMemMgr2(MalformedURLException
+                            , 
XMLExcepts::XMLNUM_URI_Component_Invalid_EscapeSequence
+                            , errMsg_PATH
+                            , value1
+                            , fMemoryManager);
+                    }
+                    else if (!XMLString::isHex(uriSpec[index+1]) || 
!XMLString::isHex(uriSpec[index+2]))
+                    {
+                        XMLCh value1[4];
                         XMLString::moveChars(value1, &(uriSpec[index]), 3);
                         value1[3] = chNull;
                         ThrowXMLwithMemMgr2(MalformedURLException
@@ -924,7 +944,7 @@ void XMLUri::initializePath(const XMLCh*
                 // contains '[' and ']'.
                 else if (!isReservedOrUnreservedCharacter(testChar))
                 {
-                    XMLCh value1[BUF_LEN+1];
+                    XMLCh value1[2];
                     value1[0] = testChar;
                     value1[1] = chNull;
                     ThrowXMLwithMemMgr2(MalformedURLException
@@ -962,11 +982,21 @@ void XMLUri::initializePath(const XMLCh*
 
             if (testChar == chPercent)
             {
-                if (index+2 >= end ||
-                    !XMLString::isHex(uriSpec[index+1]) ||
-                    !XMLString::isHex(uriSpec[index+2]))
+                if (index + 2 >= end)
+                {
+                    XMLCh value1[3];
+                    value1[1] = chNull;
+                    value1[2] = chNull;
+                    XMLString::moveChars(value1, &(uriSpec[index]), (index + 1 
>= end ? 1 : 2));
+                    ThrowXMLwithMemMgr2(MalformedURLException
+                        , 
XMLExcepts::XMLNUM_URI_Component_Invalid_EscapeSequence
+                        , errMsg_QUERY
+                        , value1
+                        , fMemoryManager);
+                }
+                if (!XMLString::isHex(uriSpec[index+1]) || 
!XMLString::isHex(uriSpec[index+2]))
                 {
-                    XMLCh value1[BUF_LEN+1];
+                    XMLCh value1[4];
                     XMLString::moveChars(value1, &(uriSpec[index]), 3);
                     value1[3] = chNull;
                     ThrowXMLwithMemMgr2(MalformedURLException
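Review bot: The hex-digit test here is a plain `if` after the length check, whereas the two path hunks above use `else if`; the reads of `uriSpec[index+1]` and `uriSpec[index+2]` are therefore in bounds only because ThrowXMLwithMemMgr2 never returns. Writing it as `else if (!XMLString::isHex(uriSpec[index+1]) || !XMLString::isHex(uriSpec[index+2]))` ties the bounds check and the indexed reads together structurally and matches the path branches. The fragment hunk at -1013 has the same shape.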
@@ -978,7 +1008,7 @@ void XMLUri::initializePath(const XMLCh*
             }
             else if (!isReservedOrUnreservedCharacter(testChar))
             {
-                XMLCh value1[BUF_LEN+1];
+                XMLCh value1[2];
                 value1[0] = testChar;
                 value1[1] = chNull;
                 ThrowXMLwithMemMgr2(MalformedURLException
@@ -1013,11 +1043,21 @@ void XMLUri::initializePath(const XMLCh*
 
             if (testChar == chPercent)
             {
-                if (index+2 >= end ||
-                    !XMLString::isHex(uriSpec[index+1]) ||
-                    !XMLString::isHex(uriSpec[index+2]))
+                if (index + 2 >= end)
+                {
+                    XMLCh value1[3];
+                    value1[1] = chNull;
+                    value1[2] = chNull;
+                    XMLString::moveChars(value1, &(uriSpec[index]), (index + 1 
>= end ? 1 : 2));
+                    ThrowXMLwithMemMgr2(MalformedURLException
+                        , 
XMLExcepts::XMLNUM_URI_Component_Invalid_EscapeSequence
+                        , errMsg_FRAGMENT
+                        , value1
+                        , fMemoryManager);
+                }
+                if (!XMLString::isHex(uriSpec[index+1]) || 
!XMLString::isHex(uriSpec[index+2]))
                 {
-                    XMLCh value1[BUF_LEN+1];
+                    XMLCh value1[4];
                     XMLString::moveChars(value1, &(uriSpec[index]), 3);
                     value1[3] = chNull;
                     ThrowXMLwithMemMgr2(MalformedURLException
@@ -1029,7 +1069,7 @@ void XMLUri::initializePath(const XMLCh*
             }
             else if (!isReservedOrUnreservedCharacter(testChar))
             {
-                XMLCh value1[BUF_LEN+1];
+                XMLCh value1[2];
                 value1[0] = testChar;
                 value1[1] = chNull;
                 ThrowXMLwithMemMgr2(MalformedURLException
@@ -1393,14 +1433,15 @@ void XMLUri::isConformantUserInfo(const
         }
         else if (*tmpStr == chPercent)               // '%'
         {
-            if (XMLString::isHex(*(tmpStr+1)) &&     // 1st hex
-                XMLString::isHex(*(tmpStr+2))  )     // 2nd hex
+            if (XMLString::stringLen(tmpStr) >= 3
+                && XMLString::isHex(*(tmpStr+1))     // 1st hex
+                && XMLString::isHex(*(tmpStr+2))  )  // 2nd hex
             {
                 tmpStr+=3;
             }
             else
             {
-                XMLCh value1[BUF_LEN+1];
+                XMLCh value1[4];
                 value1[0] = chPercent;
                 value1[1] = *(tmpStr+1);
                 value1[2] = *(tmpStr+2);
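Review bot: The else branch still reads `*(tmpStr+2)` unconditionally, and the new `stringLen(tmpStr) >= 3` test now routes the short cases into it: when '%' is the last character, `tmpStr+1` is the terminator and `tmpStr+2` is one element past it. The error buffer should be filled only from characters known to exist, e.g. `value1[1] = *(tmpStr+1);` followed by `value1[2] = value1[1] ? *(tmpStr+2) : chNull;`. The rest of the else branch is outside the hunk, so confirm how value1 is terminated there.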
@@ -1451,8 +1492,9 @@ bool XMLUri::isValidServerBasedAuthority
         }
         else if (userinfo[index] == chPercent)               // '%'
         {
-            if (XMLString::isHex(userinfo[index+1]) &&     // 1st hex
-                XMLString::isHex(userinfo[index+2])  )     // 2nd hex
+            if (index + 2 < userLen
+                && XMLString::isHex(userinfo[index+1])       // 1st hex
+                && XMLString::isHex(userinfo[index+2])  )    // 2nd hex
                 index +=3;
             else
                 return false;
@@ -1491,8 +1533,9 @@ bool XMLUri::isValidServerBasedAuthority
         }
         else if (*tmpStr == chPercent)               // '%'
         {
-            if (XMLString::isHex(*(tmpStr+1)) &&     // 1st hex
-                XMLString::isHex(*(tmpStr+2))  )     // 2nd hex
+            if (XMLString::stringLen(tmpStr) >= 3
+                && XMLString::isHex(*(tmpStr+1))     // 1st hex
+                && XMLString::isHex(*(tmpStr+2))  )  // 2nd hex
             {
                 tmpStr+=3;
             }
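Review bot: Calling `XMLString::stringLen(tmpStr)` at every '%' rescans the remainder of the string, so input with many escape sequences makes what is presumably a scanning loop quadratic in its length. Because the string is null-terminated, the same bound can be checked in constant time with `*(tmpStr+1) != chNull && *(tmpStr+2) != chNull` ahead of the two isHex calls. The same pattern appears in the hunks at -1393, -1550 and -1586. The enclosing loop starts outside this hunk.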
@@ -1520,9 +1563,9 @@ bool XMLUri::isValidRegistryBasedAuthori
         }
         else if (authority[index] == chPercent)               // '%'
         {
-            if ((index+2) < authLen &&
-                               XMLString::isHex(authority[index+1]) &&     // 
1st hex
-                XMLString::isHex(authority[index+2])  )     // 2nd hex
+            if (index + 2 < authLen
+                && XMLString::isHex(authority[index+1])       // 1st hex
+                && XMLString::isHex(authority[index+2])  )    // 2nd hex
                 index +=3;
             else
                 return false;
@@ -1550,8 +1593,9 @@ bool XMLUri::isValidRegistryBasedAuthori
         }
         else if (*tmpStr == chPercent)               // '%'
         {
-            if (XMLString::isHex(*(tmpStr+1)) &&     // 1st hex
-                XMLString::isHex(*(tmpStr+2))  )     // 2nd hex
+            if (XMLString::stringLen(tmpStr) >= 3
+                && XMLString::isHex(*(tmpStr + 1))     // 1st hex
+                && XMLString::isHex(*(tmpStr + 2)))  // 2nd hex
             {
                 tmpStr+=3;
             }
@@ -1586,8 +1630,9 @@ bool XMLUri::isURIString(const XMLCh* co
         }
         else if (*tmpStr == chPercent)               // '%'
         {
-            if (XMLString::isHex(*(tmpStr+1)) &&     // 1st hex
-                XMLString::isHex(*(tmpStr+2))  )     // 2nd hex
+            if (XMLString::stringLen(tmpStr) >=3
+                && XMLString::isHex(*(tmpStr+1))     // 1st hex
+                && XMLString::isHex(*(tmpStr+2))  )  // 2nd hex
             {
                 tmpStr+=3;
             }


