DO NOT REPLY [Bug 13438] New: - Mismatched new[]/delete in XMLStringTokenizer (among others)

Tue, 08 Oct 2002 20:32:53 -0700 

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=13438>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=13438

Mismatched new[]/delete in XMLStringTokenizer (among others)

           Summary: Mismatched new[]/delete in XMLStringTokenizer (among
                    others)
           Product: Xerces-C++
           Version: 2.1.0
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: Critical
          Priority: Other
         Component: Utilities
        AssignedTo: [EMAIL PROTECTED]
        ReportedBy: [EMAIL PROTECTED]


XMLStringTokenizer uses a RefVectorOf<XMLCh> for token storage (fTokens).  
Unfortunately, the XMLCh * is allocated through new[], and later deallocated by 
RefVectorOf<> with delete (instead of delete[]).

I suspect that this is a widespread problem in the library.

>From XMLStringTokenizer.h:

    // -----------------------------------------------------------------------
    //  Private data members
    //
    //  fOffset
    //      The current position in the parsed string.
    //
    //  fStringLen
    //      The length of the string parsed (for convenience).
    //
    //  fString
    //      The string to be parsed
    //
    //  fDelimeters
    //      A set of delimeter characters
    //
    //  fTokens
    //      A vector of the token strings
    // -----------------------------------------------------------------------
    int                 fOffset;
    int                 fStringLen;
    XMLCh*              fString;
    XMLCh*              fDelimeters;
    RefVectorOf<XMLCh>* fTokens;

>From XMLStringTokenizer.cpp:

// ---------------------------------------------------------------------------
//  XMLStringTokenizer: Management methods
// ---------------------------------------------------------------------------
XMLCh* XMLStringTokenizer::nextToken() {

    if (fOffset >= fStringLen) {
        return 0;
    }

    bool tokFound = false;
    int  startIndex = fOffset;
    int  endIndex = fOffset;

    for (; endIndex < fStringLen; endIndex++) {

        if (isDelimeter(fString[endIndex])) {

            if (tokFound) {
                break;
            }

            startIndex++;
            continue;
        }

        tokFound = true;
    }

    fOffset = endIndex;

    if (tokFound) {

        XMLCh* tokStr = new XMLCh[(endIndex - startIndex) + 1];

        XMLString::subString(tokStr, fString, startIndex, endIndex);
        fTokens->addElement(tokStr);

        return tokStr;
    }

    return 0;
}

The line:         XMLCh* tokStr = new XMLCh[(endIndex - startIndex) + 1];
is a problem.

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to