[xerces-c] branch master updated: InMemMsgLoader::loadMsg(): fix memory leak when transcoding fails.

rleigh Thu, 09 Sep 2021 00:38:58 -0700

This is an automated email from the ASF dual-hosted git repository.

rleigh pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/xerces-c.git



The following commit(s) were added to refs/heads/master by this push:
     new 1bdf6d8  InMemMsgLoader::loadMsg(): fix memory leak when transcoding 
fails.
     new 471e23c  Merge pull request #32 from rouault/fix_ossfuzz_37666
1bdf6d8 is described below

commit 1bdf6d8ba878c1fe1d779824be70001fc0bebd2c
Author: Even Rouault <even.roua...@spatialys.com>
AuthorDate: Fri Aug 27 01:33:27 2021 +0200

    InMemMsgLoader::loadMsg(): fix memory leak when transcoding fails.
    
    Seen with the IconvGNU transcoder when parsing 
"<aaa.xsdopengis.net/gml\x96".
    The reason is that XMLString::transcode(repText2, manager) throws a 
TranscodingException
    which causes the tmp1 string to leak.
    
    ```
    0 0x8791409 in operator new(unsigned int) 
/src/llvm-project/compiler-rt/lib/asan/asan_new_delete.cpp:99:3
    1 0xbd147f7 in xercesc_4_0::MemoryManagerImpl::allocate(unsigned int) 
gdal/xerces-c/src/xercesc/internal/MemoryManagerImpl.cpp:40:18
    2 0xbe8c73e in xercesc_4_0::IconvGNULCPTranscoder::transcode(char const*, 
xercesc_4_0::MemoryManager*) 
gdal/xerces-c/src/xercesc/util/Transcoders/IconvGNU/IconvGNUTransService.cpp:870:32
    3 0xbc22ca2 in xercesc_4_0::XMLString::transcode(char const*, 
xercesc_4_0::MemoryManager*) gdal/xerces-c/src/xercesc/util/XMLString.cpp:621:25
    4 0xbe8f4ad in xercesc_4_0::InMemMsgLoader::loadMsg(unsigned int, 
char16_t*, unsigned int, char const*, char const*, char const*, char const*, 
xercesc_4_0::MemoryManager*) 
gdal/xerces-c/src/xercesc/util/MsgLoaders/InMemory/InMemMsgLoader.cpp:157:16
    5 0xbc20175 in 
xercesc_4_0::XMLException::loadExceptText(xercesc_4_0::XMLExcepts::Codes, char 
const*, char const*, char const*, char const*) 
gdal/xerces-c/src/xercesc/util/XMLException.cpp:241:23
    6 0xbc48bee in 
xercesc_4_0::UTFDataFormatException::UTFDataFormatException(char const*, 
unsigned long long, xercesc_4_0::XMLExcepts::Codes, char const*, char const*, 
char const*, char const*, xercesc_4_0::MemoryManager*) 
gdal/xerces-c/src/xercesc/util/UTFDataFormatException.hpp:31:1
    7 0xbc4824e in xercesc_4_0::XMLUTF8Transcoder::transcodeFrom(unsigned char 
const*, unsigned int, char16_t*, unsigned int, unsigned int&, unsigned char*) 
gdal/xerces-c/src/xercesc/util/XMLUTF8Transcoder.cpp:182:13
    8 0xbd27d7e in xercesc_4_0::XMLReader::xcodeMoreChars(char16_t*, unsigned 
char*, unsigned int) gdal/xerces-c/src/xercesc/internal/XMLReader.cpp:1926:34
    9 0xbd271dd in xercesc_4_0::XMLReader::refreshCharBuffer() 
gdal/xerces-c/src/xercesc/internal/XMLReader.cpp:571:19
    10 0xbd15c63 in xercesc_4_0::XMLReader::peekNextChar(char16_t&) 
gdal/xerces-c/src/xercesc/internal/XMLReader.hpp:767:14
    11 0xbd15aaf in xercesc_4_0::ReaderMgr::peekNextChar() 
gdal/xerces-c/src/xercesc/internal/ReaderMgr.cpp:158:21
    12 0xbd328da in xercesc_4_0::XMLScanner::scanProlog() 
gdal/xerces-c/src/xercesc/internal/XMLScanner.cpp:1241:45
    13 0xbd31ef4 in xercesc_4_0::XMLScanner::scanFirst(xercesc_4_0::InputSource 
const&, xercesc_4_0::XMLPScanToken&) 
gdal/xerces-c/src/xercesc/internal/XMLScanner.cpp:549:9
    14 0xbdadcff in 
xercesc_4_0::SAX2XMLReaderImpl::parseFirst(xercesc_4_0::InputSource const&, 
xercesc_4_0::XMLPScanToken&) 
gdal/xerces-c/src/xercesc/parsers/SAX2XMLReaderImpl.cpp:500:22
    ```
---
 .../util/MsgLoaders/InMemory/InMemMsgLoader.cpp    | 31 ++++++++++++++++------
 1 file changed, 23 insertions(+), 8 deletions(-)

diff --git a/src/xercesc/util/MsgLoaders/InMemory/InMemMsgLoader.cpp 
b/src/xercesc/util/MsgLoaders/InMemory/InMemMsgLoader.cpp
index cda1032..6971fde 100644
--- a/src/xercesc/util/MsgLoaders/InMemory/InMemMsgLoader.cpp
+++ b/src/xercesc/util/MsgLoaders/InMemory/InMemMsgLoader.cpp
@@ -25,6 +25,7 @@
 // ---------------------------------------------------------------------------
 #include <xercesc/util/BitOps.hpp>
 #include <xercesc/util/PlatformUtils.hpp>
+#include <xercesc/util/TranscodingException.hpp>
 #include <xercesc/util/XMLMsgLoader.hpp>
 #include <xercesc/util/XMLString.hpp>
 #include <xercesc/util/XMLUni.hpp>
@@ -153,14 +154,28 @@ bool InMemMsgLoader::loadMsg(const  
XMLMsgLoader::XMLMsgId  msgToLoad
     XMLCh* tmp4 = 0;
     
     bool bRet = false;
-    if (repText1)
-        tmp1 = XMLString::transcode(repText1, manager);
-    if (repText2)
-        tmp2 = XMLString::transcode(repText2, manager);
-    if (repText3)
-        tmp3 = XMLString::transcode(repText3, manager);
-    if (repText4)
-        tmp4 = XMLString::transcode(repText4, manager);
+    try
+    {
+        if (repText1)
+            tmp1 = XMLString::transcode(repText1, manager);
+        if (repText2)
+            tmp2 = XMLString::transcode(repText2, manager);
+        if (repText3)
+            tmp3 = XMLString::transcode(repText3, manager);
+        if (repText4)
+            tmp4 = XMLString::transcode(repText4, manager);
+    }
+    catch( const TranscodingException& )
+    {
+        if (tmp1)
+            manager->deallocate(tmp1);
+        if (tmp2)
+            manager->deallocate(tmp2);
+        if (tmp3)
+            manager->deallocate(tmp3);
+        // Note: tmp4 cannot leak
+        throw;
+    }
 
     bRet = loadMsg(msgToLoad, toFill, maxChars, tmp1, tmp2, tmp3, tmp4, 
manager);
 

---------------------------------------------------------------------
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org

[xerces-c] branch master updated: InMemMsgLoader::loadMsg(): fix memory leak when transcoding fails.

Reply via email to