[XERCESC-1978] DOMDocumentImpl:: getPooledNString(const XMLCh *in, XMLSize_t n) returns incorrect string - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Blocker
Resolution: Fixed
Affects Version/s: 3.1.1
Fix Version/s: 3.1.2, 3.2.0
Component/s: DOM
Labels:
None
Environment:
Windows x32, but should be everywhere

Description

the methods returns the original string rather than the substring if the substring and original string have the same hash code.
This leeds to corrupt xml files due to prefixes being replaced by the entire string:
Original version:
while (*pspe != 0)
{
if (XMLString::equals((*pspe)->fString, in))
return (*pspe)->fString;
...

Bugfix suggestion:
//RP 120416 we need to check for length of the returned <=n; else any hash matching string longer than n will be accepted — bad snafu!
if (XMLString::equalsN((*pspe)~~>fString, in, n) && XMLString::stringLen( (*pspe)~~>fString)<=n)

Example prefix + attribute name that will fail:
HDM:
HDM:OffsetBack

Attachments

Issue Links

is duplicated by

XERCESC-2043 String pooling in DOMDocumentImpl is unsafe, particularly on 64-bit platforms

Closed

Activity

People

Assignee:: Alberto Massari

Reporter:: Rainer Prosi

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 16/Apr/12 17:14

Updated:: 28/Feb/15 02:27

Resolved:: 17/Apr/12 09:38