  1. Xerces-C++
  2. XERCESC-2044

Code analysis revealed multiple potential NULL dereference conditions (currently unconfirmed)


    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.1.1
    • Fix Version/s: 3.1.2, 3.2.0
    • Component/s: Miscellaneous
    • Labels:
      None

      Description

      src/xercesc/util/MsgLoaders/InMemory/InMemMsgLoader.cpp

      If fMsgDomain doesn't match one of the 4 else clauses, it could dereference null at line 106

      src/xercesc/internal/IGXMLScanner.cpp

      The !elemDecl check on line 2383 appears to be missing a final else clause to catch unknown grammar types.

      src/xercesc/internal/XSObjectFactory.cpp

      If the xsMultiFacetList is not allocated at line 840, there are no obvious checks later in the function to ensure it is not dereferenced

      src/xercesc/validators/DTD/DTDScanner.cpp

      If the first branch followed is "else if (fReaderMgr->skippedChar(chCloseParen))" at line 1210, lastNode can potentially dereference a NULL at line 1225
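The missing-final-else pattern that the InMemMsgLoader and IGXMLScanner items describe, shown beside a guarded form. This is an added C++ example, not Xerces-C++ source and not one of the attached patches; the domain names, message tables and function names are hypothetical.

```cpp
// Added illustration; all names and tables are hypothetical, not Xerces-C++ code.
#include <cstddef>
#include <cstdio>
#include <cstring>

// Constructed per-domain message tables.
static const char* const kErrMsgs[]   = {"bad element", "bad attribute"};
static const char* const kValidMsgs[] = {"invalid content"};

// Shape described in the report: no final else, so an unknown domain
// leaves `table` null and the indexing below dereferences it.
static const char* loadMsgUnchecked(const char* domain, std::size_t id) {
    const char* const* table = nullptr;
    if (std::strcmp(domain, "errors") == 0)
        table = kErrMsgs;
    else if (std::strcmp(domain, "validity") == 0)
        table = kValidMsgs;
    return table[id];  // null dereference when neither branch ran
}

// Hardened form: a final else rejects unknown domains before any use of
// `table`. The bounds check on `id` is an extra guard added here.
static bool loadMsgChecked(const char* domain, std::size_t id, const char*& out) {
    const char* const* table = nullptr;
    std::size_t count = 0;
    out = nullptr;
    if (domain == nullptr)
        return false;
    if (std::strcmp(domain, "errors") == 0) {
        table = kErrMsgs;
        count = sizeof kErrMsgs / sizeof kErrMsgs[0];
    } else if (std::strcmp(domain, "validity") == 0) {
        table = kValidMsgs;
        count = sizeof kValidMsgs / sizeof kValidMsgs[0];
    } else {
        return false;  // unknown domain: fail instead of falling through
    }
    if (id >= count)
        return false;
    out = table[id];
    return true;
}

int main() {
    const char* msg = nullptr;
    std::printf("%d\n", loadMsgChecked("unknown", 0, msg));  // rejected
    std::printf("%s\n", loadMsgUnchecked("errors", 0));      // known domain only
    return 0;
}
```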

        Attachments

        1. DTDScanner.patch
          0.7 kB
          Int3
        2. IGXMLScanner.patch
          0.6 kB
          Int3
        3. InMemMsgLoader.patch
          0.5 kB
          Int3
        4. XSObjectFactory.patch
          1 kB
          Int3


            People

            • Assignee:
              scantor Scott Cantor
              Reporter:
              int3solutions Int3
            • Votes:
              0
              Watchers:
              2
