Uploaded image for project: 'Xerces-C++'
  1. Xerces-C++
  2. XERCESC-2066

Exception handling mistake in DTDScanner

VotersWatch issueWatchersLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 3.1.0, 3.1.1, 3.1.2, 3.1.3
    • 3.2.0, 3.1.4
    • None

    Description

      Index: src/xercesc/validators/DTD/DTDScanner.cpp
      ==========================================================The DTDScanner fails to account for the fact that peeking characters in the XMLReader class can raise an exception if an invalid character is encountered, and the exception crosses stack frames in an unsafe way that causes a higher level exception handler to access an already-freed object.

      The proposed patch below traps the exception locally and records the parser error in the appropriate frame.

      We should also review the code for other calls to the XMLReader methods that can throw.

      --- src/xercesc/validators/DTD/DTDScanner.cpp	(revision 1741478)
      +++ src/xercesc/validators/DTD/DTDScanner.cpp	(working copy)
      @@ -2509,7 +2509,15 @@
               {
                   while (true)
                   {
      -                const XMLCh nextCh = fReaderMgr->peekNextChar();
      +                XMLCh nextCh;
      +                
      +                try {
      +                    nextCh = fReaderMgr->peekNextChar();
      +                }
      +                catch (XMLException& ex) {
      +                    fScanner->emitError(XMLErrs::XMLException_Fatal, ex.getCode(), ex.getMessage(), NULL, NULL);
      +                    nextCh = chNull;
      +                }
       
                       if (!nextCh)
                       {
      

      Attachments

        Activity

          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            scantor Scott Cantor
            scantor Scott Cantor
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Slack

                Issue deployment