[XERCESC-1866] Crash with regular expression - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Open
Priority: Major
Resolution: Unresolved
Affects Version/s: None
Fix Version/s: 4.0.0
Component/s: Utilities
Labels:
None
Environment:
Windows XP, Visual Studio 2005

Description

when I run the following test code my application crashes on the second regEx.matches call:
{
XMLBuffer optionsBuf;
optionsBuf.append('i');
optionsBuf.append('H');
RegularExpression regEx(L"^\\W*Excel
W*$", optionsBuf.getRawBuffer());
regEx.matches("Excel");
}
{
XMLBuffer optionsBuf;
optionsBuf.append('i');
optionsBuf.append('H');
RegularExpression regEx(L"^\\W*Excel
W*$", optionsBuf.getRawBuffer());
regEx.matches("Excel");
}

some details I found during debugging:

there is an instance of RangeToken where I have no idea where this is created. I've set a breakpoint in the constructor but the debugger does not stop.
when RangeToken::getCaseInsensitiveToken is called a new RangeToken is created and stored in fCaseIToken
when parsing is finished the newly created RangeToken is deleted (through ~RegularExpression -> ~TokenFactory), but the original RangeToken (where I don't know where it is created) still exists and references the deleted RangeToken in fCaseIToken
the next time RangeToken::getCaseInsensitiveToken is called the invalid reference fCaseIToken is returned and this leads to a crash when it is accessed.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

XERCESC-1866.patch
22/Apr/09 18:47
1 kB
David N Bertoni

Activity

People

Assignee:: Boris Kolpackov

Reporter:: Alexander Hartmann

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 21/Apr/09 08:36

Updated:: 31/Jul/17 15:27