[
http://issues.apache.org/jira/browse/XERCESC-1378?page=comments#action_60981 ]
Nikolay Ognyanov commented on XERCESC-1378:
-------------------------------------------
I agree with the part about BinMemInputStream.
I disagree however about the local copy in MemBufInputSource. I see no creation
of such
copy anywhere in MemBufInputSource.cpp. Apart
from the destructor fSrcBytes appears only
in the 2 constructors like this :
MemBufInputSource::MemBufInputSource( const XMLByte* const srcDocBytes
, const unsigned int byteCount
, const XMLCh* const bufId
, const bool adoptBuffer
, MemoryManager* const manager) :
InputSource(bufId, manager)
, fAdopted(adoptBuffer)
, fByteCount(byteCount)
, fCopyBufToStream(true)
, fSrcBytes(srcDocBytes)
{
}
Since srcDocBytes and fSrcBytes are pointers this initialization creates
copy of the pointer (srcDocBytes) and not copy of the content it points to. If
this was nor true BTW then it would be wrong again because copy would be
created unconditionally regardlis of the value of fAdopted.
Another way to easily verify how wrong things are here
is to search in MemBufInputSource.cpp for fAdopted.
Then you will see that it only appears in initialization and in the destruction
conditional I quoted. This can not be true because creation of a copy of the
arg string is supposed to depend on it.
BTW - I found out this issue out not by mere code
inspection but the hard way after debugging some
"magic" segfaults...
> wrong string destruction in MemBufInputSource::~MemBufInputSource()
> -------------------------------------------------------------------
>
> Key: XERCESC-1378
> URL: http://issues.apache.org/jira/browse/XERCESC-1378
> Project: Xerces-C++
> Type: Bug
> Components: SAX/SAX2
> Versions: 2.6.0
> Environment: Any
> Reporter: Nikolay Ognyanov
>
> MemBufInputSource::~MemBufInputSource()
> {
> if (fAdopted)
> delete [] (XMLByte*)fSrcBytes;
> }
> This seems terribly wrong. Constructor initializes fSrcBytes
> with its argument srcDocBytes and this never changes, so the
> original argument string is deleted here and not a copy of it.
> Actual creation and destruction of a copy if fAdopted is set
> is handled in BinMemInputStream which is instantiated in
> MemBufInputSource::makeStream(). Therefore the code quoted
> above should be removed from the destructor and it should do
> nothing.
> Regards
> Nikolay
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
If you want more information on JIRA, or have a bug to report see:
http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
