Xerces-C++ / XERCESC-2088

Bad casting from DOMTextImpl to DOMElementImpl


Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.1.1, 3.1.2, 3.1.3, 3.1.4
    • Fix Version/s: 3.2.0
    • Component/s: DOM
    • Labels: None
    • Environment: ubuntu 16.04 LTS, Intel(R) Core(TM) i7-6700 CPU @ 3.40GHz, 16GB

    Description

      Hi all,

      Our recently developed type confusion detection tool reports a type confusion error in "xercesc/dom/imple/DOMCasts.hpp".

      xercesc/dom/imple/DOMCasts.hpp, line 146

      static inline DOMNodeImpl *castToNodeImpl(const DOMNode *p)
      {
          DOMElementImpl *pE = (DOMElementImpl *)p;
          return &(pE->fNode);
      }

      p is pointing to the object allocated as DOMTextImpl, and it is cast into DOMElementImpl. However, since DOMElementImpl is not a subobject of DOMTextImpl, it is violating C++ standard rule 5.2.9/11 (down casting is undefined if the object that the pointer to be cast points to is not a subobject of the down casting type) and causes undefined behavior.

      There are similar type-confusion cases, as in the links below.

      I attached an actual type confusion report and object relationship information.
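The following is an added example and is not code from the Xerces-C++ project, from the reporter, or from the attached casting.patch / DOMNodeBase.hpp (which hold the project's actual fix). It is a cut-down model of the pattern the report describes: several unrelated implementation classes each embed a node-bookkeeping struct, and a helper casts every node pointer to one of those classes to reach that member, which is undefined behaviour whenever the pointee is a different class and only appears to work because the member happens to sit at the same offset. All names (Node, NodeImpl, ElementImpl, TextImpl, CommentImpl, ForeignNode, HasNodeImpl, castToNodeImplUnsafe, castToNodeImplSafe, fNodeOffset, failedChecks) are hypothetical stand-ins, and the checked replacement shown (a small interface reached through dynamic_cast) is one way to remove the layout dependency, not necessarily the one the project chose. Sample nodes are constructed inline.

```cpp
#include <cstddef>
#include <iostream>
#include <string>
#include <utility>

// Shared per-node bookkeeping, standing in for DOMNodeImpl (hypothetical name).
struct NodeImpl {
    std::string name;
    int flags = 0;
    explicit NodeImpl(std::string n) : name(std::move(n)) {}
};

// Abstract DOM interface, standing in for DOMNode (hypothetical name).
struct Node {
    virtual ~Node() = default;
    virtual const char* kind() const = 0;
};

// Interface an implementation class exposes instead of relying on its layout.
// The checked cast below asks for it with dynamic_cast, which RTTI validates.
struct HasNodeImpl {
    virtual ~HasNodeImpl() = default;
    virtual const NodeImpl* getNodeImpl() const = 0;
};

struct ElementImpl : Node, HasNodeImpl {
    NodeImpl fNode;
    std::string tagName;
    explicit ElementImpl(std::string n) : fNode(n), tagName(std::move(n)) {}
    const char* kind() const override { return "element"; }
    const NodeImpl* getNodeImpl() const override { return &fNode; }
};

struct TextImpl : Node, HasNodeImpl {
    NodeImpl fNode;
    std::string data;
    explicit TextImpl(std::string d) : fNode("#text"), data(std::move(d)) {}
    const char* kind() const override { return "text"; }
    const NodeImpl* getNodeImpl() const override { return &fNode; }
};

// A class whose fNode is NOT at ElementImpl's offset: the reported cast would
// compute a pointer into the wrong bytes of this object, silently.
struct CommentImpl : Node, HasNodeImpl {
    int fPosition = 0;
    NodeImpl fNode;
    std::string data;
    explicit CommentImpl(std::string d) : fNode("#comment"), data(std::move(d)) {}
    const char* kind() const override { return "comment"; }
    const NodeImpl* getNodeImpl() const override { return &fNode; }
};

// A Node implementation that never opted into HasNodeImpl at all.
struct ForeignNode : Node {
    const char* kind() const override { return "foreign"; }
};

// The pattern from the ticket: every Node* is treated as an ElementImpl* and a
// member is read through it. When p really points at a TextImpl this is
// undefined behaviour; it "works" only while fNode shares an offset.
static inline NodeImpl* castToNodeImplUnsafe(const Node* p) {
    ElementImpl* pE = (ElementImpl*)p;
    return &(pE->fNode);
}

// Checked replacement: cross-cast to the interface and let RTTI decide.
// Nodes without a NodeImpl yield nullptr instead of a bogus pointer.
static inline const NodeImpl* castToNodeImplSafe(const Node* p) {
    const HasNodeImpl* h = dynamic_cast<const HasNodeImpl*>(p);
    return h ? h->getNodeImpl() : nullptr;
}

// Byte distance from the Node subobject to the embedded NodeImpl: the hidden
// invariant the unsafe helper depends on (both pointers lie in one object).
static std::ptrdiff_t fNodeOffset(const Node* base, const NodeImpl* impl) {
    return reinterpret_cast<const char*>(impl) - reinterpret_cast<const char*>(base);
}

// Exercises constructed sample nodes; returns how many expectations failed.
int failedChecks() {
    ElementImpl e("div");
    TextImpl t("hello");
    CommentImpl c("note");
    ForeignNode f;
    int failed = 0;
    // The one valid use of the unsafe helper: p really is an ElementImpl.
    if (castToNodeImplUnsafe(&e) != &e.fNode) ++failed;
    // The layout coincidence the original code relies on ...
    if (fNodeOffset(&e, &e.fNode) != fNodeOffset(&t, &t.fNode)) ++failed;
    // ... and a class where that coincidence no longer holds.
    if (fNodeOffset(&e, &e.fNode) == fNodeOffset(&c, &c.fNode)) ++failed;
    // The checked helper is right for every layout and rejects foreign nodes.
    if (castToNodeImplSafe(&e) != &e.fNode) ++failed;
    if (castToNodeImplSafe(&t) != &t.fNode) ++failed;
    if (castToNodeImplSafe(&c) != &c.fNode) ++failed;
    if (castToNodeImplSafe(&f) != nullptr) ++failed;
    return failed;
}

int main() {
    std::cout << "failed checks: " << failedChecks() << "\n";
    // The ticket's exact pattern, kept only so a UBSan build can flag it:
    // clang++ -std=c++17 -fsanitize=undefined should report the member access
    // through a pointer of the wrong dynamic type (the vptr check).
    TextImpl t("hello");
    NodeImpl* viaUnsafe = castToNodeImplUnsafe(&t);
    std::cout << "unsafe cast on a TextImpl yielded: " << viaUnsafe->name << "\n";
    return 0;
}
```

The point of fNodeOffset is to make the hidden assumption visible: the unsafe helper is correct only for as long as every implementation class keeps fNode at the same offset as ElementImpl, which nothing in the code enforces and which CommentImpl breaks without any compiler diagnostic. The checked version costs one dynamic_cast per lookup but fails closed (nullptr) rather than reading through the wrong type.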

      Attachments

        1. relationship_tree.jpeg
          50 kB
          Yuseok Jeon
        2. DOMNodeBase.hpp
          8 kB
          Scott Cantor
        3. casting.patch
          53 kB
          Scott Cantor
        4. Actual_result.txt
          3 kB
          Yuseok Jeon

        Issue Links

        Activity


          People

            Assignee: Scott Cantor (scantor)
            Reporter: Yuseok Jeon
            Votes: 0
            Watchers: 5

            Dates

              Created:
              Updated:
              Resolved:
