  1. Xerces-C++
  2. XERCESC-660

Mismatched new[]/delete in XMLStringTokenizer (among others)

Details

    • Bug
    • Status: Closed
    • Resolution: Fixed
    • 2.1.0
    • 2.2.0
    • Utilities
    • None
    • Operating System: All
      Platform: All
    • 13438

    Description

      XMLStringTokenizer uses a RefVectorOf<XMLCh> for token storage (fTokens).
      Unfortunately, the XMLCh * is allocated through new[], and later deallocated by
      RefVectorOf<> with delete (instead of delete[]).

      I suspect that this is a widespread problem in the library.

      From XMLStringTokenizer.h:

      // -----------------------------------------------------------------------
      //  Private data members
      //
      //  fOffset
      //      The current position in the parsed string.
      //
      //  fStringLen
      //      The length of the string parsed (for convenience).
      //
      //  fString
      //      The string to be parsed
      //
      //  fDelimeters
      //      A set of delimeter characters
      //
      //  fTokens
      //      A vector of the token strings
      // -----------------------------------------------------------------------
      int                 fOffset;
      int                 fStringLen;
      XMLCh*              fString;
      XMLCh*              fDelimeters;
      RefVectorOf<XMLCh>* fTokens;

      From XMLStringTokenizer.cpp:

      // ---------------------------------------------------------------------------
      // XMLStringTokenizer: Management methods
      // ---------------------------------------------------------------------------
      XMLCh* XMLStringTokenizer::nextToken() {

          if (fOffset >= fStringLen) {
              return 0;
          }

          bool tokFound = false;
          int startIndex = fOffset;
          int endIndex = fOffset;

          for (; endIndex < fStringLen; endIndex++) {

              if (isDelimeter(fString[endIndex])) {

                  if (tokFound) {
                      break;
                  }

                  startIndex++;
                  continue;
              }

              tokFound = true;
          }

          fOffset = endIndex;

          if (tokFound) {
              XMLCh* tokStr = new XMLCh[(endIndex - startIndex) + 1];
              XMLString::subString(tokStr, fString, startIndex, endIndex);
              fTokens->addElement(tokStr);
              return tokStr;
          }

          return 0;
      }

      The line: XMLCh* tokStr = new XMLCh[(endIndex - startIndex) + 1];
      is a problem.
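
The ownership rule behind this report, as an added example that is not part of the original issue and is not Xerces-C++ code: a tokenizer using the same scan keeps each new[]-allocated token in a std::unique_ptr<Ch[]>, so the owning container releases it with delete[]. Tokenizer, Ch and stored() are hypothetical names, and Ch stands in for XMLCh.

```cpp
// Added illustration: Tokenizer, Ch and stored() are hypothetical names,
// not Xerces-C++ code. Ch stands in for XMLCh (assumption).
#include <cstddef>
#include <memory>
#include <string>
#include <type_traits>
#include <utility>
#include <vector>

typedef char16_t Ch;

// The array form of unique_ptr releases with delete[], matching new Ch[n].
static_assert(std::is_same<std::unique_ptr<Ch[]>::deleter_type,
                           std::default_delete<Ch[]>>::value, "array deleter");

class Tokenizer {
public:
    Tokenizer(const std::u16string& s, const std::u16string& delims)
        : fString(s), fDelims(delims), fOffset(0) {}

    // Same scan as the reported nextToken(); returns nullptr when exhausted.
    const Ch* nextToken() {
        std::size_t start = fOffset, end = fOffset;
        bool found = false;
        for (; end < fString.size(); ++end) {
            if (fDelims.find(fString[end]) != std::u16string::npos) {
                if (found) break;
                ++start;
                continue;
            }
            found = true;
        }
        fOffset = end;
        if (!found) return nullptr;
        const std::size_t len = end - start;
        std::unique_ptr<Ch[]> tok(new Ch[len + 1]);  // array allocation
        fString.copy(tok.get(), len, start);
        tok[len] = 0;
        fTokens.push_back(std::move(tok));  // heap array does not move on growth
        return fTokens.back().get();
    }
    std::size_t stored() const { return fTokens.size(); }

private:
    std::u16string fString, fDelims;
    std::size_t fOffset;
    // The element type records "array", so destruction cannot pick scalar delete.
    std::vector<std::unique_ptr<Ch[]>> fTokens;
};
```

The pairing described in the report, new[] released by scalar delete, is undefined behaviour; AddressSanitizer and Valgrind Memcheck both report it as an allocation/deallocation mismatch.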

          People

            gareth@decisionsoft.com gareth reakes
            zell@best.com Adam Zell