1. Platform: Linux 2.2.5-15
2. Build:
Xerces:
runConfigure -plinux -cgcc -xg++ -d -minmem -nfileonly -tnative
gmake
samples:
runConfigure -plinux -cgcc -xg++ -d
gmake
3. How to reproduce the bug
Run
DOMPrint atest.xml
in a deep path, e.g.
/home/host/Thisisareallongpath/inareallongpath/inarealdeeppath/inarealdeeppath/atest.xml
On my machine, the above causes a segmentation error when the full path name reaches about 75 characters.
4. Why
The new LocalFileInputSource::LocalFileInputSource() calls XMLPlatformUtils::getFullPath() to get the full path of "atest.xml";
which in turn calls XMLString::transcode() to translate the full path;
which in turn calls IconvLCPTranscoder::transcode() to do the real work;
which in turn calls IconvLCPTranscoder::calcRequiredSize() to calculate the length of the full path;
which in turn calls the stdlib function mbstowcs to calculate the length.
mbstowcs crashes if the length gets to about 75 characters on my machine.
5. Where: xerces/src/util/Iconv/TransServices.cpp
    // ---------------------------------------------------------------------------
    //  IconvLCPTranscoder: The virtual transcoder API
    // ---------------------------------------------------------------------------
    unsigned int IconvLCPTranscoder::calcRequiredSize(const char* const srcText)
    {
        if (!srcText)
            return 0;

        // The call below calculates the length of srcText by calling
        // mbstowcs (convert a multibyte string to a wide character string).
        // It causes a segmentation error when srcText is longer than ~75
        // characters.
        const unsigned int retVal = ::mbstowcs(NULL, srcText, 0);

        if (retVal == -1)
            return 0;
        return retVal;
    }
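
One way to compute the same length without the NULL-destination call to mbstowcs shown above, as an added example that is not Xerces code and not from this report. The function name calcRequiredSizeChunked is hypothetical, and that the crash is tied to the NULL-destination counting mode is an assumption the report does not confirm.

```cpp
#include <cstddef>
#include <cstdio>
#include <cstring>
#include <cwchar>

// Hypothetical helper (not Xerces code): counts the wide characters needed
// for srcText by converting into a fixed scratch buffer, so mbstowcs is
// never called with a NULL destination. Returns 0 for a null pointer or an
// invalid multibyte sequence, matching the original function's contract.
std::size_t calcRequiredSizeChunked(const char* srcText)
{
    if (!srcText)
        return 0;

    std::mbstate_t state;
    std::memset(&state, 0, sizeof state);      // initial conversion state

    const char* cursor = srcText;              // advanced by mbsrtowcs
    wchar_t chunk[64];                         // bounded scratch space
    const std::size_t chunkLen = sizeof chunk / sizeof chunk[0];
    std::size_t total = 0;

    // mbsrtowcs sets cursor to NULL once it has converted the terminator;
    // until then it returns at most chunkLen characters per call.
    while (cursor)
    {
        const std::size_t n = std::mbsrtowcs(chunk, &cursor, chunkLen, &state);
        if (n == static_cast<std::size_t>(-1))
            return 0;                          // invalid sequence (EILSEQ)
        total += n;
    }
    return total;                              // size_t, no narrowing
}

int main()
{
    // Path from the report; longer than the ~75 characters that crashed.
    const char* path = "/home/host/Thisisareallongpath/inareallongpath/"
                       "inarealdeeppath/inarealdeeppath/atest.xml";
    std::printf("%lu wide characters required\n",
                static_cast<unsigned long>(calcRequiredSizeChunked(path)));
    return 0;
}
```

The result is for the current locale's multibyte encoding, exactly as with mbstowcs; the caller still allocates one extra element for the terminator.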