Details
- Type: Bug
- Status: Closed
- Priority: Major
- Resolution: Fixed
- 3.2.5
- None
- Environment: gcc-12, C++17
Description
When running programs that use xerces-c with the Undefined Behavior Sanitizer (UBSan), undefined behavior is detected in ElemStack::expandStack and NamespaceScope::expandMap. Both instances are due to memcpy being called with NULL as one of its parameters when toExpand->fMap is NULL, which works (the size parameter is 0) but is undefined behavior.
This is fixed by doing a simple check for null before calling memcpy. If the object we wanted to copy from was null, we do not copy at all and the result is the same. This avoids triggering UBSan, and potential issues with compiler optimizations (both pointer arguments to memcpy are marked __nonnull).
I can send a simple patch that fixes this.
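The pattern the report describes, shown on a small stand-in for the xerces-c map growth code. This is an added illustration, not code from the issue or from xerces-c; the class and member names (GrowableArray, fMap, fCapacity, expand, expandUnchecked) are assumed for the example. The unchecked version reproduces the before state: on the first expansion fMap is still null, so memcpy receives a null source pointer with a byte count of 0. Nothing is copied at runtime, but the C standard requires both pointers to be valid regardless of the count, and glibc declares memcpy's pointer parameters __nonnull, so UBSan flags the call and the optimizer is entitled to assume fMap is non-null afterwards. The checked version skips the copy entirely when there is nothing to copy from, which is the fix proposed above.

```cpp
// Added example (not xerces-c code): growth of a null-initialised buffer
// with and without the null check before memcpy.
#include <cstddef>
#include <cstring>

namespace demo {

// Minimal growable array whose storage starts out null, like a fresh
// NamespaceScope map before the first entry is pushed. Names are assumed
// for this example and do not mirror the real xerces-c classes exactly.
class GrowableArray {
public:
    GrowableArray() : fMap(nullptr), fCapacity(0), fCount(0) {}
    ~GrowableArray() { delete[] fMap; }
    GrowableArray(const GrowableArray&) = delete;
    GrowableArray& operator=(const GrowableArray&) = delete;

    // "Before" behaviour, kept for comparison and not used by push():
    // on the very first expansion fMap is nullptr. The byte count is 0, so
    // nothing is copied at runtime, but passing a null pointer to memcpy is
    // undefined behaviour and UBSan reports the null argument. Because the
    // parameter is declared __nonnull, the compiler may also assume fMap is
    // non-null from this point on and drop later null checks.
    void expandUnchecked() {
        const size_t newCap = fCapacity ? fCapacity * 2 : 4;
        unsigned int* newMap = new unsigned int[newCap];
        std::memcpy(newMap, fMap, fCapacity * sizeof(unsigned int)); // UB if fMap == nullptr
        delete[] fMap;
        fMap = newMap;
        fCapacity = newCap;
    }

    // "After" behaviour, matching the fix described in the report: only
    // copy (and free) the old storage when there actually is old storage.
    void expand() {
        const size_t newCap = fCapacity ? fCapacity * 2 : 4;
        unsigned int* newMap = new unsigned int[newCap];
        if (fMap != nullptr) {
            std::memcpy(newMap, fMap, fCapacity * sizeof(unsigned int));
            delete[] fMap;
        }
        fMap = newMap;
        fCapacity = newCap;
    }

    void push(unsigned int v) {
        if (fCount == fCapacity) expand();
        fMap[fCount++] = v;
    }

    size_t size() const { return fCount; }
    size_t capacity() const { return fCapacity; }
    unsigned int at(size_t i) const { return fMap[i]; }

private:
    unsigned int* fMap;
    size_t fCapacity;
    size_t fCount;
};

// Exercise the growth path: nine pushes force three expansions (0 -> 4 -> 8
// -> 16), the first of them from a null map. Returns true when the contents
// survived every copy intact.
bool growthPreservesContents() {
    GrowableArray a;
    for (unsigned int i = 0; i < 9; ++i) a.push(i * 10);
    if (a.size() != 9 || a.capacity() != 16) return false;
    for (size_t i = 0; i < a.size(); ++i)
        if (a.at(i) != i * 10) return false;
    return true;
}

} // namespace demo
```

To see the difference the report is about, build with `-fsanitize=undefined` and call expandUnchecked() on a fresh instance: UBSan reports the null pointer passed as memcpy's second argument, while the checked expand() path runs clean. The result of the copy is the same either way, which is why the fix is safe to apply without changing behaviour.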