[GitHub] [xerces-c] rleigh-codelibre merged pull request #31: XERCESC-2219: [Backport 3.2] XMLReader constructor: fix memory leak when refreshRawBuffer() throws
rleigh-codelibre merged pull request #31: URL: https://github.com/apache/xerces-c/pull/31 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org For additional commands, e-mail: c-dev-h...@xerces.apache.org
[xerces-c] branch xerces-3.2 updated: XMLReader constructor: fix memory leak when refreshRawBuffer() throws
This is an automated email from the ASF dual-hosted git repository. rleigh pushed a commit to branch xerces-3.2 in repository https://gitbox.apache.org/repos/asf/xerces-c.git The following commit(s) were added to refs/heads/xerces-3.2 by this push: new 286051c XMLReader constructor: fix memory leak when refreshRawBuffer() throws new a3be9dc Merge pull request #31 from rouault/fix_ossfuzz_37529_backport_3_2 286051c is described below commit 286051c73667be145b36d86febbe2ce9e48d42ff Author: Even Rouault AuthorDate: Mon Aug 23 21:39:48 2021 +0200 XMLReader constructor: fix memory leak when refreshRawBuffer() throws Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=37529 on GDAL The backtrace of the exception that caused the memory leak was: ``` Catchpoint 1 (exception thrown), 0x75547672 in __cxa_throw () from /lib/x86_64-linux-gnu/libstdc++.so.6 (gdb) bt 0 0x75547672 in __cxa_throw () from /lib/x86_64-linux-gnu/libstdc++.so.6 1 0x724447c4 in xercesc_4_0::PosixFileMgr::fileRead (this=, f=, byteCount=, buffer=, manager=0x556df730) at xercesc/util/FileManagers/PosixFileMgr.cpp:160 2 0x724e6ec2 in xercesc_4_0::XMLReader::refreshRawBuffer (this=0x557e49f8) at xercesc/internal/XMLReader.cpp:1891 3 0x724e70d4 in xercesc_4_0::XMLReader::XMLReader (this=0x557e49f8, pubId=, sysId=0x55750920 u"/", streamToAdopt=0x5574e838, from=, type=xercesc_4_0::XMLReader::Type_General, source=xercesc_4_0::XMLReader::Source_External, throwAtEnd=false, calculateSrcOfs=false, lowWaterMark=100, version=xercesc_4_0::XMLReader::XMLV1_0, manager=0x556df730) at xercesc/internal/XMLReader.cpp:130 4 0x724ced75 in xercesc_4_0::ReaderMgr::createReader (this=this@entry=0x557896d8, src=..., refFrom=refFrom@entry=xercesc_4_0::XMLReader::RefFrom_NonLiteral, type=type@entry=xercesc_4_0::XMLReader::Type_General, source=source@entry=xercesc_4_0::XMLReader::Source_External, calcSrcOfs=false, lowWaterMark=100) at ./xercesc/sax/InputSource.hpp:314 5 0x724cb0af in xercesc_4_0::IGXMLScanner::scanReset 
(this=0x55789608, src=...) at xercesc/internal/IGXMLScanner2.cpp:1286 6 0x724c36e9 in xercesc_4_0::IGXMLScanner::scanDocument (this=0x55789608, src=...) at xercesc/internal/IGXMLScanner.cpp:198 7 0x7250abaf in xercesc_4_0::AbstractDOMParser::parse (this=0x7fffc2d0, source=...) at xercesc/parsers/AbstractDOMParser.cpp:545 8 0x724cbdbe in xercesc_4_0::IGXMLScanner::resolveSchemaGrammar (this=0x55792f78, loc=0x557dd694 u"/", uri=0x55737180 u"`", ignoreLoadSchema=) at xercesc/internal/IGXMLScanner2.cpp:1895 0x724cce7c in xercesc_4_0::IGXMLScanner::parseSchemaLocation (this=0x55792f78, schemaLocationStr=, ignoreLoadSchema=false) at ./xercesc/framework/XMLBuffer.hpp:171 10 0x724cd182 in xercesc_4_0::IGXMLScanner::scanRawAttrListforNameSpaces (this=this@entry=0x55792f78, attCount=attCount@entry=9) at xercesc/internal/IGXMLScanner2.cpp:1649 11 0x724c22cb in xercesc_4_0::IGXMLScanner::scanStartTagNS (this=0x55792f78, gotData=@0x7fffc91f: true) at xercesc/internal/IGXMLScanner.cpp:2213 12 0x724c3522 in xercesc_4_0::IGXMLScanner::scanContent (this=0x55792f78) at xercesc/internal/IGXMLScanner.cpp:890 13 0x724c3760 in xercesc_4_0::IGXMLScanner::scanDocument (this=0x55792f78, src=...) at xercesc/internal/IGXMLScanner.cpp:217 14 0x725158e3 in xercesc_4_0::SAX2XMLReaderImpl::parse (this=0x55731828, source=...) at xercesc/parsers/SAX2XMLReaderImpl.cpp:409 ``` --- src/xercesc/internal/ReaderMgr.cpp | 6 + src/xercesc/internal/XMLReader.cpp | 47 +- src/xercesc/internal/XMLReader.hpp | 2 ++ 3 files changed, 49 insertions(+), 6 deletions(-) diff --git a/src/xercesc/internal/ReaderMgr.cpp b/src/xercesc/internal/ReaderMgr.cpp index d14483e..18d8596 100644 --- a/src/xercesc/internal/ReaderMgr.cpp +++ b/src/xercesc/internal/ReaderMgr.cpp @@ -436,6 +436,12 @@ XMLReader* ReaderMgr::createReader( const InputSource& src ); } } +catch(const XMLPlatformUtilsException&) +{ +streamJanitor.release(); + +throw; +} catch(const OutOfMemoryException&) { streamJanitor.release(); 
diff --git a/src/xercesc/internal/XMLReader.cpp b/src/xercesc/internal/XMLReader.cpp index 405474a..9acfad8 100644 --- a/src/xercesc/internal/XMLReader.cpp +++ b/src/xercesc/internal/XMLReader.cpp @@ -124,8 +124,16 @@ XMLReader::XMLReader(const XMLCh* const pubId { setXMLVersion(version); -// Do an initial load of raw bytes -refreshRawBuffer(); +try +{ +// Do an initial load of raw bytes +refreshRawBuffer(); +} +catch (const
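Review bot: In the ReaderMgr::createReader hunk, the new catch(const XMLPlatformUtilsException&) handler calls streamJanitor.release() before rethrowing, with no comment on who frees the adopted stream on this path. Because the XMLReader constructor now has its own try/catch around refreshRawBuffer(), a one-line comment stating where the stream is disposed of when this handler runs would make the release() auditable and guard against a later edit turning it into a leak or a double free.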
[GitHub] [xerces-c] rleigh-codelibre merged pull request #30: XERCESC-2219: XMLReader constructor: fix memory leak when refreshRawBuffer() throws
rleigh-codelibre merged pull request #30: URL: https://github.com/apache/xerces-c/pull/30
[xerces-c] branch master updated: XMLReader constructor: fix memory leak when refreshRawBuffer() throws
This is an automated email from the ASF dual-hosted git repository. rleigh pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/xerces-c.git The following commit(s) were added to refs/heads/master by this push: new cf436ab XMLReader constructor: fix memory leak when refreshRawBuffer() throws new caa6515 Merge pull request #30 from rouault/fix_ossfuzz_37529 cf436ab is described below commit cf436abc181ab65824f6f51ae087e166dbdcd249 Author: Even Rouault AuthorDate: Mon Aug 23 21:39:48 2021 +0200 XMLReader constructor: fix memory leak when refreshRawBuffer() throws Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=37529 on GDAL The backtrace of the exception that caused the memory leak was: ``` Catchpoint 1 (exception thrown), 0x75547672 in __cxa_throw () from /lib/x86_64-linux-gnu/libstdc++.so.6 (gdb) bt 0 0x75547672 in __cxa_throw () from /lib/x86_64-linux-gnu/libstdc++.so.6 1 0x724447c4 in xercesc_4_0::PosixFileMgr::fileRead (this=, f=, byteCount=, buffer=, manager=0x556df730) at xercesc/util/FileManagers/PosixFileMgr.cpp:160 2 0x724e6ec2 in xercesc_4_0::XMLReader::refreshRawBuffer (this=0x557e49f8) at xercesc/internal/XMLReader.cpp:1891 3 0x724e70d4 in xercesc_4_0::XMLReader::XMLReader (this=0x557e49f8, pubId=, sysId=0x55750920 u"/", streamToAdopt=0x5574e838, from=, type=xercesc_4_0::XMLReader::Type_General, source=xercesc_4_0::XMLReader::Source_External, throwAtEnd=false, calculateSrcOfs=false, lowWaterMark=100, version=xercesc_4_0::XMLReader::XMLV1_0, manager=0x556df730) at xercesc/internal/XMLReader.cpp:130 4 0x724ced75 in xercesc_4_0::ReaderMgr::createReader (this=this@entry=0x557896d8, src=..., refFrom=refFrom@entry=xercesc_4_0::XMLReader::RefFrom_NonLiteral, type=type@entry=xercesc_4_0::XMLReader::Type_General, source=source@entry=xercesc_4_0::XMLReader::Source_External, calcSrcOfs=false, lowWaterMark=100) at ./xercesc/sax/InputSource.hpp:314 5 0x724cb0af in xercesc_4_0::IGXMLScanner::scanReset (this=0x55789608, 
src=...) at xercesc/internal/IGXMLScanner2.cpp:1286 6 0x724c36e9 in xercesc_4_0::IGXMLScanner::scanDocument (this=0x55789608, src=...) at xercesc/internal/IGXMLScanner.cpp:198 7 0x7250abaf in xercesc_4_0::AbstractDOMParser::parse (this=0x7fffc2d0, source=...) at xercesc/parsers/AbstractDOMParser.cpp:545 8 0x724cbdbe in xercesc_4_0::IGXMLScanner::resolveSchemaGrammar (this=0x55792f78, loc=0x557dd694 u"/", uri=0x55737180 u"`", ignoreLoadSchema=) at xercesc/internal/IGXMLScanner2.cpp:1895 0x724cce7c in xercesc_4_0::IGXMLScanner::parseSchemaLocation (this=0x55792f78, schemaLocationStr=, ignoreLoadSchema=false) at ./xercesc/framework/XMLBuffer.hpp:171 10 0x724cd182 in xercesc_4_0::IGXMLScanner::scanRawAttrListforNameSpaces (this=this@entry=0x55792f78, attCount=attCount@entry=9) at xercesc/internal/IGXMLScanner2.cpp:1649 11 0x724c22cb in xercesc_4_0::IGXMLScanner::scanStartTagNS (this=0x55792f78, gotData=@0x7fffc91f: true) at xercesc/internal/IGXMLScanner.cpp:2213 12 0x724c3522 in xercesc_4_0::IGXMLScanner::scanContent (this=0x55792f78) at xercesc/internal/IGXMLScanner.cpp:890 13 0x724c3760 in xercesc_4_0::IGXMLScanner::scanDocument (this=0x55792f78, src=...) at xercesc/internal/IGXMLScanner.cpp:217 14 0x725158e3 in xercesc_4_0::SAX2XMLReaderImpl::parse (this=0x55731828, source=...) at xercesc/parsers/SAX2XMLReaderImpl.cpp:409 ``` --- src/xercesc/internal/ReaderMgr.cpp | 6 + src/xercesc/internal/XMLReader.cpp | 47 +- src/xercesc/internal/XMLReader.hpp | 2 ++ 3 files changed, 49 insertions(+), 6 deletions(-) diff --git a/src/xercesc/internal/ReaderMgr.cpp b/src/xercesc/internal/ReaderMgr.cpp index 0d92fc9..4e59a4a 100644 --- a/src/xercesc/internal/ReaderMgr.cpp +++ b/src/xercesc/internal/ReaderMgr.cpp @@ -436,6 +436,12 @@ XMLReader* ReaderMgr::createReader( const InputSource& src ); } } +catch(const XMLPlatformUtilsException&) +{ +streamJanitor.release(); + +throw; +} catch(const OutOfMemoryException&) { streamJanitor.release(); 
diff --git a/src/xercesc/internal/XMLReader.cpp b/src/xercesc/internal/XMLReader.cpp index 1facb53..bf43886 100644 --- a/src/xercesc/internal/XMLReader.cpp +++ b/src/xercesc/internal/XMLReader.cpp @@ -124,8 +124,16 @@ XMLReader::XMLReader(const XMLCh* const pubId { setXMLVersion(version); -// Do an initial load of raw bytes -refreshRawBuffer(); +try +{ +// Do an initial load of raw bytes +refreshRawBuffer(); +} +catch (const
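Review bot: The constructor hunk in XMLReader.cpp uses a typed handler (catch (const ...) around refreshRawBuffer()), and ReaderMgr::createReader releases streamJanitor only for XMLPlatformUtilsException and OutOfMemoryException, so the two lists have to stay in step and any exception type outside them still takes the old path. Either confirm in a comment that refreshRawBuffer() can throw nothing else, or handle the remaining types the same way in both places.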
Xerces-C++ 3.2.4
Hi folks,

Would it be possible to add 3.2.4 as a new unreleased version in Jira? As you have probably seen, Even Rouault has made several changes to fix bugs on the 3.2 branch, and it would be useful to release them. Are there any other needed fixes to go into a new 3.2 point release?

Thanks all,
Roger
[jira] [Created] (XERCESC-2219) XMLReader constructor: memory leak when refreshRawBuffer() throws
Roger Leigh created XERCESC-2219:

Summary: XMLReader constructor: memory leak when refreshRawBuffer() throws
Key: XERCESC-2219
URL: https://issues.apache.org/jira/browse/XERCESC-2219
Project: Xerces-C++
Issue Type: Bug
Affects Versions: 3.2.3
Reporter: Roger Leigh
Assignee: Roger Leigh

See https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=37529 on GDAL

The backtrace of the exception that caused the memory leak was:

{noformat}
Catchpoint 1 (exception thrown), 0x75547672 in __cxa_throw () from /lib/x86_64-linux-gnu/libstdc++.so.6
(gdb) bt
0 0x75547672 in __cxa_throw () from /lib/x86_64-linux-gnu/libstdc++.so.6
1 0x724447c4 in xercesc_4_0::PosixFileMgr::fileRead (this=, f=, byteCount=, buffer=, manager=0x556df730) at xercesc/util/FileManagers/PosixFileMgr.cpp:160
2 0x724e6ec2 in xercesc_4_0::XMLReader::refreshRawBuffer (this=0x557e49f8) at xercesc/internal/XMLReader.cpp:1891
3 0x724e70d4 in xercesc_4_0::XMLReader::XMLReader (this=0x557e49f8, pubId=, sysId=0x55750920 u"/", streamToAdopt=0x5574e838, from=, type=xercesc_4_0::XMLReader::Type_General, source=xercesc_4_0::XMLReader::Source_External, throwAtEnd=false, calculateSrcOfs=false, lowWaterMark=100, version=xercesc_4_0::XMLReader::XMLV1_0, manager=0x556df730) at xercesc/internal/XMLReader.cpp:130
4 0x724ced75 in xercesc_4_0::ReaderMgr::createReader (this=this@entry=0x557896d8, src=..., refFrom=refFrom@entry=xercesc_4_0::XMLReader::RefFrom_NonLiteral, type=type@entry=xercesc_4_0::XMLReader::Type_General, source=source@entry=xercesc_4_0::XMLReader::Source_External, calcSrcOfs=false, lowWaterMark=100) at ./xercesc/sax/InputSource.hpp:314
5 0x724cb0af in xercesc_4_0::IGXMLScanner::scanReset (this=0x55789608, src=...) at xercesc/internal/IGXMLScanner2.cpp:1286
6 0x724c36e9 in xercesc_4_0::IGXMLScanner::scanDocument (this=0x55789608, src=...) at xercesc/internal/IGXMLScanner.cpp:198
7 0x7250abaf in xercesc_4_0::AbstractDOMParser::parse (this=0x7fffc2d0, source=...) at xercesc/parsers/AbstractDOMParser.cpp:545
8 0x724cbdbe in xercesc_4_0::IGXMLScanner::resolveSchemaGrammar (this=0x55792f78, loc=0x557dd694 u"/", uri=0x55737180 u"`", ignoreLoadSchema=) at xercesc/internal/IGXMLScanner2.cpp:1895
0x724cce7c in xercesc_4_0::IGXMLScanner::parseSchemaLocation (this=0x55792f78, schemaLocationStr=, ignoreLoadSchema=false) at ./xercesc/framework/XMLBuffer.hpp:171
10 0x724cd182 in xercesc_4_0::IGXMLScanner::scanRawAttrListforNameSpaces (this=this@entry=0x55792f78, attCount=attCount@entry=9) at xercesc/internal/IGXMLScanner2.cpp:1649
11 0x724c22cb in xercesc_4_0::IGXMLScanner::scanStartTagNS (this=0x55792f78, gotData=@0x7fffc91f: true) at xercesc/internal/IGXMLScanner.cpp:2213
12 0x724c3522 in xercesc_4_0::IGXMLScanner::scanContent (this=0x55792f78) at xercesc/internal/IGXMLScanner.cpp:890
13 0x724c3760 in xercesc_4_0::IGXMLScanner::scanDocument (this=0x55792f78, src=...) at xercesc/internal/IGXMLScanner.cpp:217
14 0x725158e3 in xercesc_4_0::SAX2XMLReaderImpl::parse (this=0x55731828, source=...) at xercesc/parsers/SAX2XMLReaderImpl.cpp:409
{noformat}

--
This message was sent by Atlassian Jira (v8.3.4#803005)
[xerces-c] branch xerces-3.2 updated: CurlURLInputStream constructor: avoid memory leak
This is an automated email from the ASF dual-hosted git repository. rleigh pushed a commit to branch xerces-3.2 in repository https://gitbox.apache.org/repos/asf/xerces-c.git The following commit(s) were added to refs/heads/xerces-3.2 by this push: new b8f2b83 CurlURLInputStream constructor: avoid memory leak new 9ac2a9c Merge pull request #29 from rouault/backport_3_2_curl_memleak_fix b8f2b83 is described below commit b8f2b836358bb9e338c677eb71ec7fdfbd13643b Author: Even Rouault AuthorDate: Wed Aug 18 18:15:45 2021 +0200 CurlURLInputStream constructor: avoid memory leak CurlURLInputStream constructor calls the readMore() method, which can throw exceptions. In that situation, the destructor is not called, which results in resource/memory leaks. To fix that, catch the exceptions, manually do the cleanup and rethrow the exceptions. Found by ossfuzz (locally) --- .../util/NetAccessors/Curl/CurlURLInputStream.cpp | 28 +- .../util/NetAccessors/Curl/CurlURLInputStream.hpp | 2 ++ 2 files changed, 29 insertions(+), 1 deletion(-) diff --git a/src/xercesc/util/NetAccessors/Curl/CurlURLInputStream.cpp b/src/xercesc/util/NetAccessors/Curl/CurlURLInputStream.cpp index 5ed6593..2980dc2 100644 --- a/src/xercesc/util/NetAccessors/Curl/CurlURLInputStream.cpp +++ b/src/xercesc/util/NetAccessors/Curl/CurlURLInputStream.cpp @@ -160,7 +160,20 @@ CurlURLInputStream::CurlURLInputStream(const XMLURL& urlSource, const XMLNetHTTP while(fBufferHeadPtr == fBuffer) { int runningHandles = 0; -readMore(); +try +{ +readMore(); +} +catch(const MalformedURLException&) +{ +cleanup(); +throw; +} +catch(const NetAccessorException&) +{ +cleanup(); +throw; +} if(runningHandles == 0) break; } 
@@ -174,18 +187,31 @@ CurlURLInputStream::CurlURLInputStream(const XMLURL& urlSource, const XMLNetHTTP CurlURLInputStream::~CurlURLInputStream() { +cleanup(); +} + + +void CurlURLInputStream::cleanup() +{ +if (!fMulti ) +return; + // Remove the easy handle from the multi stack curl_multi_remove_handle(fMulti, fEasy); // Cleanup the easy handle curl_easy_cleanup(fEasy); +fEasy = NULL; // Cleanup the multi handle curl_multi_cleanup(fMulti); +fMulti = NULL; if(fContentType) fMemoryManager->deallocate(fContentType); +fContentType = NULL; if(fHeadersList) curl_slist_free_all(fHeadersList); +fHeadersList = NULL; } diff --git a/src/xercesc/util/NetAccessors/Curl/CurlURLInputStream.hpp b/src/xercesc/util/NetAccessors/Curl/CurlURLInputStream.hpp index f75857b..3900d4d 100644 --- a/src/xercesc/util/NetAccessors/Curl/CurlURLInputStream.hpp +++ b/src/xercesc/util/NetAccessors/Curl/CurlURLInputStream.hpp @@ -61,6 +61,8 @@ private : CurlURLInputStream(const CurlURLInputStream&); CurlURLInputStream& operator=(const CurlURLInputStream&); +void cleanup(); + static size_t staticWriteCallback(char *buffer, size_t size, size_t nitems, - To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org For additional commands, e-mail: c-dev-h...@xerces.apache.org
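Review bot: In the constructor hunk, cleanup() runs only for MalformedURLException and NetAccessorException, so any other exception escaping readMore() still skips the destructor and leaves the curl handles allocated. A single catch(...) { cleanup(); throw; } in place of the two typed handlers would cover every type and remove the duplicated handler bodies.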
[GitHub] [xerces-c] rleigh-codelibre merged pull request #28: XERCESC-2218: CurlURLInputStream constructor: avoid memory leak
rleigh-codelibre merged pull request #28: URL: https://github.com/apache/xerces-c/pull/28
[GitHub] [xerces-c] rleigh-codelibre merged pull request #29: XERCESC-2218: [Backport 3.2] CurlURLInputStream constructor: avoid memory leak
rleigh-codelibre merged pull request #29: URL: https://github.com/apache/xerces-c/pull/29
[xerces-c] branch master updated: CurlURLInputStream constructor: avoid memory leak
This is an automated email from the ASF dual-hosted git repository. rleigh pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/xerces-c.git The following commit(s) were added to refs/heads/master by this push: new 327abd3 CurlURLInputStream constructor: avoid memory leak new a313987 Merge pull request #28 from rouault/curl_memleak_fix 327abd3 is described below commit 327abd3551bdbca808b7fc22019c51210358b645 Author: Even Rouault AuthorDate: Wed Aug 18 18:15:45 2021 +0200 CurlURLInputStream constructor: avoid memory leak CurlURLInputStream constructor calls the readMore() method, which can throw exceptions. In that situation, the destructor is not called, which results in resource/memory leaks. To fix that, catch the exceptions, manually do the cleanup and rethrow the exceptions. Found by ossfuzz (locally) --- .../util/NetAccessors/Curl/CurlURLInputStream.cpp | 28 +- .../util/NetAccessors/Curl/CurlURLInputStream.hpp | 2 ++ 2 files changed, 29 insertions(+), 1 deletion(-) diff --git a/src/xercesc/util/NetAccessors/Curl/CurlURLInputStream.cpp b/src/xercesc/util/NetAccessors/Curl/CurlURLInputStream.cpp index a7b125d..8c79ceb 100644 --- a/src/xercesc/util/NetAccessors/Curl/CurlURLInputStream.cpp +++ b/src/xercesc/util/NetAccessors/Curl/CurlURLInputStream.cpp @@ -160,7 +160,20 @@ CurlURLInputStream::CurlURLInputStream(const XMLURL& urlSource, const XMLNetHTTP while(fBufferHeadPtr == fBuffer) { int runningHandles = 0; -readMore(); +try +{ +readMore(); +} +catch(const MalformedURLException&) +{ +cleanup(); +throw; +} +catch(const NetAccessorException&) +{ +cleanup(); +throw; +} if(runningHandles == 0) break; } 
@@ -174,18 +187,31 @@ CurlURLInputStream::CurlURLInputStream(const XMLURL& urlSource, const XMLNetHTTP CurlURLInputStream::~CurlURLInputStream() { +cleanup(); +} + + +void CurlURLInputStream::cleanup() +{ +if (!fMulti ) +return; + // Remove the easy handle from the multi stack curl_multi_remove_handle(fMulti, fEasy); // Cleanup the easy handle curl_easy_cleanup(fEasy); +fEasy = NULL; // Cleanup the multi handle curl_multi_cleanup(fMulti); +fMulti = NULL; if(fContentType) fMemoryManager->deallocate(fContentType); +fContentType = NULL; if(fHeadersList) curl_slist_free_all(fHeadersList); +fHeadersList = NULL; } diff --git a/src/xercesc/util/NetAccessors/Curl/CurlURLInputStream.hpp b/src/xercesc/util/NetAccessors/Curl/CurlURLInputStream.hpp index 1ff2abf..06fa994 100644 --- a/src/xercesc/util/NetAccessors/Curl/CurlURLInputStream.hpp +++ b/src/xercesc/util/NetAccessors/Curl/CurlURLInputStream.hpp @@ -61,6 +61,8 @@ private : CurlURLInputStream(const CurlURLInputStream&); CurlURLInputStream& operator=(const CurlURLInputStream&); +void cleanup(); + static size_t staticWriteCallback(char *buffer, size_t size, size_t nitems, - To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org For additional commands, e-mail: c-dev-h...@xerces.apache.org
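Review bot: In the cleanup() hunk, the early return on !fMulti also skips the fContentType and fHeadersList releases further down, so those are freed only while a multi handle exists. If either can be allocated when fMulti is NULL, scope the guard to the three curl handle calls only; the NULL assignments already make the remaining two releases safe to run more than once.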
[jira] [Created] (XERCESC-2218) CurlURLInputStream constructor memory leak
Roger Leigh created XERCESC-2218:

Summary: CurlURLInputStream constructor memory leak
Key: XERCESC-2218
URL: https://issues.apache.org/jira/browse/XERCESC-2218
Project: Xerces-C++
Issue Type: Bug
Affects Versions: 3.2.3
Reporter: Roger Leigh
Assignee: Roger Leigh

CurlURLInputStream constructor calls the readMore() method, which can throw exceptions. In that situation, the destructor is not called, which results in resource/memory leaks. To fix that, catch the exceptions, manually do the cleanup and rethrow the exceptions.

Found by ossfuzz (locally)
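The failure mode described in this report, as an added example that is not part of the original message or of Xerces-C++: a constructor that throws after acquiring a resource never reaches its destructor. The handle counter, the always-failing `readMore()` stand-in and the three class names are assumptions made for the demonstration; the third class goes beyond the report and shows an RAII member as an alternative to catch, clean up and rethrow.

```cpp
#include <cstdio>
#include <stdexcept>

// Constructed stand-in for an external resource such as a curl handle:
// a counter instead of real memory, so the leak can be measured.
static int g_openHandles = 0;
static int  openHandle()        { return ++g_openHandles; }  // non-zero id
static void closeHandle(int& h) { if (h) { --g_openHandles; h = 0; } }

// Hypothetical stand-in for readMore(): always fails.
static void readMore() { throw std::runtime_error("constructed failure"); }

// Before: the handle is released only in the destructor.
class LeakyStream {
public:
    LeakyStream() : fHandle(openHandle()) {
        readMore();            // throws, so construction never completes
    }
    ~LeakyStream() { closeHandle(fHandle); }   // not run for a failed constructor
private:
    int fHandle;
};

// After, in the style of the fix: catch, clean up by hand, rethrow.
// catch(...) is used here so that every exception type is covered.
class FixedStream {
public:
    FixedStream() : fHandle(openHandle()) {
        try { readMore(); }
        catch (...) { cleanup(); throw; }
    }
    ~FixedStream() { cleanup(); }
private:
    void cleanup() { closeHandle(fHandle); }   // idempotent: the id is zeroed
    int fHandle;
};

// Alternative: a fully constructed member is destroyed even when the
// enclosing constructor body throws, so no handler is needed.
struct HandleGuard {
    int h;
    HandleGuard() : h(openHandle()) {}
    ~HandleGuard() { closeHandle(h); }
    HandleGuard(const HandleGuard&) = delete;
    HandleGuard& operator=(const HandleGuard&) = delete;
};
class RaiiStream {
public:
    RaiiStream() { readMore(); }
private:
    HandleGuard fHandle;
};

// Number of handles still open after one failed construction of Stream.
template <class Stream>
int handlesLeakedByFailedConstruction() {
    const int before = g_openHandles;
    try { Stream s; (void)s; }
    catch (const std::runtime_error&) {}
    return g_openHandles - before;
}

int main() {
    std::printf("leaky: %d\n", handlesLeakedByFailedConstruction<LeakyStream>());
    std::printf("fixed: %d\n", handlesLeakedByFailedConstruction<FixedStream>());
    std::printf("raii:  %d\n", handlesLeakedByFailedConstruction<RaiiStream>());
    return 0;
}
```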
[GitHub] [xerces-c] rleigh-codelibre merged pull request #25: XERCESC-2217: [Backport 3.2] ICUTranscoder::transcodeFrom(): fix read heap-buffer-overflow
rleigh-codelibre merged pull request #25: URL: https://github.com/apache/xerces-c/pull/25
[xerces-c] branch xerces-3.2 updated: ICUTranscoder::transcodeFrom(): fix read heap-buffer-overflow
This is an automated email from the ASF dual-hosted git repository. rleigh pushed a commit to branch xerces-3.2 in repository https://gitbox.apache.org/repos/asf/xerces-c.git The following commit(s) were added to refs/heads/xerces-3.2 by this push: new 4d35954 ICUTranscoder::transcodeFrom(): fix read heap-buffer-overflow new 19428fb Merge pull request #25 from rouault/fix_gdal_ossfuzz_35373_backport_3_2 4d35954 is described below commit 4d359541505a5554c2cc6353290593dc7db7a925 Author: Even Rouault AuthorDate: Tue Aug 10 12:20:35 2021 +0200 ICUTranscoder::transcodeFrom(): fix read heap-buffer-overflow Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35373 When charsDecoded == 0, the line ``for (index = 0; index < charsDecoded - 1; index++)`` will cause to read out of bounds of fSrcOffsets, due to unsigned integer underflow rules. --- src/xercesc/util/Transcoders/ICU/ICUTransService.cpp | 9 - 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/src/xercesc/util/Transcoders/ICU/ICUTransService.cpp b/src/xercesc/util/Transcoders/ICU/ICUTransService.cpp index 0ebcd37..ed7fb91 100644 --- a/src/xercesc/util/Transcoders/ICU/ICUTransService.cpp +++ b/src/xercesc/util/Transcoders/ICU/ICUTransService.cpp @@ -563,7 +563,7 @@ ICUTranscoder::transcodeFrom(const XMLByte* const srcData { charSizes[0] = (unsigned char)bytesEaten; } -else +else if( charsDecoded > 0 ) { // ICU does not return an extra element to allow us to figure // out the last char size, so we have to compute it from the 
@@ -574,10 +574,9 @@ ICUTranscoder::transcodeFrom(const XMLByte* const srcData charSizes[index] = (unsigned char)(fSrcOffsets[index + 1] - fSrcOffsets[index]); } -if( charsDecoded > 0 ) { -charSizes[charsDecoded - 1] = (unsigned char)(bytesEaten - - fSrcOffsets[charsDecoded - 1]); -} + +charSizes[charsDecoded - 1] = (unsigned char)(bytesEaten + - fSrcOffsets[charsDecoded - 1]); } } - To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org For additional commands, e-mail: c-dev-h...@xerces.apache.org
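Review bot: In the first hunk the wrap is avoided only by the enclosing else if( charsDecoded > 0 ), while the loop bound quoted in the commit message (index < charsDecoded - 1) is still an unsigned subtraction that underflows if the guard is later moved or dropped. Writing the bound as index + 1 < charsDecoded would make the loop safe on its own and keep the guard as defence in depth.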
[GitHub] [xerces-c] rleigh-codelibre merged pull request #24: XERCESC-2217: ICUTranscoder::transcodeFrom(): fix read heap-buffer-overflow
rleigh-codelibre merged pull request #24: URL: https://github.com/apache/xerces-c/pull/24
[xerces-c] branch master updated: ICUTranscoder::transcodeFrom(): fix read heap-buffer-overflow
This is an automated email from the ASF dual-hosted git repository. rleigh pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/xerces-c.git The following commit(s) were added to refs/heads/master by this push: new e335da5 ICUTranscoder::transcodeFrom(): fix read heap-buffer-overflow new b0e7b3c Merge pull request #24 from rouault/fix_gdal_ossfuzz_35373 e335da5 is described below commit e335da54127cd29091f6be97da97b24c9fd7c7e7 Author: Even Rouault AuthorDate: Tue Aug 10 12:20:35 2021 +0200 ICUTranscoder::transcodeFrom(): fix read heap-buffer-overflow Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35373 When charsDecoded == 0, the line ``for (index = 0; index < charsDecoded - 1; index++)`` will cause to read out of bounds of fSrcOffsets, due to unsigned integer underflow rules. --- src/xercesc/util/Transcoders/ICU/ICUTransService.cpp | 9 - 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/src/xercesc/util/Transcoders/ICU/ICUTransService.cpp b/src/xercesc/util/Transcoders/ICU/ICUTransService.cpp index 7660fca..a7bff4e 100644 --- a/src/xercesc/util/Transcoders/ICU/ICUTransService.cpp +++ b/src/xercesc/util/Transcoders/ICU/ICUTransService.cpp @@ -563,7 +563,7 @@ ICUTranscoder::transcodeFrom(const XMLByte* const srcData { charSizes[0] = (unsigned char)bytesEaten; } -else +else if( charsDecoded > 0 ) { // ICU does not return an extra element to allow us to figure // out the last char size, so we have to compute it from the 
@@ -574,10 +574,9 @@ ICUTranscoder::transcodeFrom(const XMLByte* const srcData charSizes[index] = (unsigned char)(fSrcOffsets[index + 1] - fSrcOffsets[index]); } -if( charsDecoded > 0 ) { -charSizes[charsDecoded - 1] = (unsigned char)(bytesEaten - - fSrcOffsets[charsDecoded - 1]); -} + +charSizes[charsDecoded - 1] = (unsigned char)(bytesEaten + - fSrcOffsets[charsDecoded - 1]); } } - To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org For additional commands, e-mail: c-dev-h...@xerces.apache.org
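Review bot: In the second hunk, dropping the inner if( charsDecoded > 0 ) leaves the charSizes[charsDecoded - 1] store relying on a guard that sits a hunk away, and neither place has a comment saying so. A short comment at the else if, noting that charsDecoded == 0 must skip the whole block because charsDecoded - 1 wraps, would keep that dependency visible to the next person who edits either end.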
[jira] [Created] (XERCESC-2217) ICUTranscoder::transcodeFrom buffer overflow
Roger Leigh created XERCESC-2217:

Summary: ICUTranscoder::transcodeFrom buffer overflow
Key: XERCESC-2217
URL: https://issues.apache.org/jira/browse/XERCESC-2217
Project: Xerces-C++
Issue Type: Bug
Affects Versions: 3.2.3
Reporter: Roger Leigh
Assignee: Roger Leigh

See https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35373

When charsDecoded == 0, the line for (index = 0; index < charsDecoded - 1; index++) will cause a read out of bounds of fSrcOffsets, due to unsigned integer underflow rules.
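The underflow described in this report, as an added example that is not part of the original message or of Xerces-C++: the loop bound `charsDecoded - 1` is computed in an unsigned type, so for zero it becomes the largest representable value. The function names, the `std::vector` containers and the sample offsets are assumptions; bounds-checked `.at()` access is used so the out-of-bounds read surfaces as an exception instead of undefined behaviour.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <stdexcept>
#include <vector>

typedef std::vector<std::uint32_t> Offsets;  // stand-in for fSrcOffsets
typedef std::vector<unsigned char> Sizes;    // stand-in for charSizes

// Pre-fix shape of the size computation: the loop is unguarded.
Sizes charSizesBefore(const Offsets& srcOffsets, std::size_t charsDecoded,
                      std::size_t bytesEaten)
{
    Sizes charSizes(charsDecoded);
    // For charsDecoded == 0 the bound wraps to SIZE_MAX, so the body runs
    // and indexes past the end of both containers.
    for (std::size_t index = 0; index < charsDecoded - 1; index++)
        charSizes.at(index) = (unsigned char)(srcOffsets.at(index + 1)
                                              - srcOffsets.at(index));
    if (charsDecoded > 0)
        charSizes.at(charsDecoded - 1) =
            (unsigned char)(bytesEaten - srcOffsets.at(charsDecoded - 1));
    return charSizes;
}

// Post-fix shape: the whole block is skipped when nothing was decoded.
Sizes charSizesAfter(const Offsets& srcOffsets, std::size_t charsDecoded,
                     std::size_t bytesEaten)
{
    Sizes charSizes(charsDecoded);
    if (charsDecoded > 0) {
        for (std::size_t index = 0; index < charsDecoded - 1; index++)
            charSizes.at(index) = (unsigned char)(srcOffsets.at(index + 1)
                                                  - srcOffsets.at(index));
        charSizes.at(charsDecoded - 1) =
            (unsigned char)(bytesEaten - srcOffsets.at(charsDecoded - 1));
    }
    return charSizes;
}

typedef Sizes (*SizeFn)(const Offsets&, std::size_t, std::size_t);

// True when the computation indexes outside its containers.
bool readsOutOfBounds(SizeFn fn, const Offsets& srcOffsets,
                      std::size_t charsDecoded, std::size_t bytesEaten)
{
    try { fn(srcOffsets, charsDecoded, bytesEaten); return false; }
    catch (const std::out_of_range&) { return true; }
}

int main() {
    const Offsets none;  // constructed input: nothing was decoded
    std::printf("before, 0 chars: out of bounds = %d\n",
                readsOutOfBounds(charSizesBefore, none, 0, 0));
    std::printf("after,  0 chars: out of bounds = %d\n",
                readsOutOfBounds(charSizesAfter, none, 0, 0));
    return 0;
}
```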
[GitHub] [xerces-c] rouault opened a new pull request #31: [Backport 3.2] XMLReader constructor: fix memory leak when refreshRawBuffer() throws
rouault opened a new pull request #31:
URL: https://github.com/apache/xerces-c/pull/31

Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=37529 on GDAL

The backtrace of the exception that caused the memory leak was:

```
Catchpoint 1 (exception thrown), 0x75547672 in __cxa_throw () from /lib/x86_64-linux-gnu/libstdc++.so.6
(gdb) bt
0 0x75547672 in __cxa_throw () from /lib/x86_64-linux-gnu/libstdc++.so.6
1 0x724447c4 in xercesc_4_0::PosixFileMgr::fileRead (this=, f=, byteCount=, buffer=, manager=0x556df730) at xercesc/util/FileManagers/PosixFileMgr.cpp:160
2 0x724e6ec2 in xercesc_4_0::XMLReader::refreshRawBuffer (this=0x557e49f8) at xercesc/internal/XMLReader.cpp:1891
3 0x724e70d4 in xercesc_4_0::XMLReader::XMLReader (this=0x557e49f8, pubId=, sysId=0x55750920 u"/", streamToAdopt=0x5574e838, from=, type=xercesc_4_0::XMLReader::Type_General, source=xercesc_4_0::XMLReader::Source_External, throwAtEnd=false, calculateSrcOfs=false, lowWaterMark=100, version=xercesc_4_0::XMLReader::XMLV1_0, manager=0x556df730) at xercesc/internal/XMLReader.cpp:130
4 0x724ced75 in xercesc_4_0::ReaderMgr::createReader (this=this@entry=0x557896d8, src=..., refFrom=refFrom@entry=xercesc_4_0::XMLReader::RefFrom_NonLiteral, type=type@entry=xercesc_4_0::XMLReader::Type_General, source=source@entry=xercesc_4_0::XMLReader::Source_External, calcSrcOfs=false, lowWaterMark=100) at ./xercesc/sax/InputSource.hpp:314
5 0x724cb0af in xercesc_4_0::IGXMLScanner::scanReset (this=0x55789608, src=...) at xercesc/internal/IGXMLScanner2.cpp:1286
6 0x724c36e9 in xercesc_4_0::IGXMLScanner::scanDocument (this=0x55789608, src=...) at xercesc/internal/IGXMLScanner.cpp:198
7 0x7250abaf in xercesc_4_0::AbstractDOMParser::parse (this=0x7fffc2d0, source=...) at xercesc/parsers/AbstractDOMParser.cpp:545
8 0x724cbdbe in xercesc_4_0::IGXMLScanner::resolveSchemaGrammar (this=0x55792f78, loc=0x557dd694 u"/", uri=0x55737180 u"`", ignoreLoadSchema=) at xercesc/internal/IGXMLScanner2.cpp:1895
0x724cce7c in xercesc_4_0::IGXMLScanner::parseSchemaLocation (this=0x55792f78, schemaLocationStr=, ignoreLoadSchema=false) at ./xercesc/framework/XMLBuffer.hpp:171
10 0x724cd182 in xercesc_4_0::IGXMLScanner::scanRawAttrListforNameSpaces (this=this@entry=0x55792f78, attCount=attCount@entry=9) at xercesc/internal/IGXMLScanner2.cpp:1649
11 0x724c22cb in xercesc_4_0::IGXMLScanner::scanStartTagNS (this=0x55792f78, gotData=@0x7fffc91f: true) at xercesc/internal/IGXMLScanner.cpp:2213
12 0x724c3522 in xercesc_4_0::IGXMLScanner::scanContent (this=0x55792f78) at xercesc/internal/IGXMLScanner.cpp:890
13 0x724c3760 in xercesc_4_0::IGXMLScanner::scanDocument (this=0x55792f78, src=...) at xercesc/internal/IGXMLScanner.cpp:217
14 0x725158e3 in xercesc_4_0::SAX2XMLReaderImpl::parse (this=0x55731828, source=...) at xercesc/parsers/SAX2XMLReaderImpl.cpp:409
```

Backport of https://github.com/apache/xerces-c/pull/30
[GitHub] [xerces-c] rouault opened a new pull request #30: XMLReader constructor: fix memory leak when refreshRawBuffer() throws
rouault opened a new pull request #30:
URL: https://github.com/apache/xerces-c/pull/30

Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=37529 on GDAL

The backtrace of the exception that caused the memory leak was:

```
Catchpoint 1 (exception thrown), 0x75547672 in __cxa_throw () from /lib/x86_64-linux-gnu/libstdc++.so.6
(gdb) bt
0 0x75547672 in __cxa_throw () from /lib/x86_64-linux-gnu/libstdc++.so.6
1 0x724447c4 in xercesc_4_0::PosixFileMgr::fileRead (this=, f=, byteCount=, buffer=, manager=0x556df730) at xercesc/util/FileManagers/PosixFileMgr.cpp:160
2 0x724e6ec2 in xercesc_4_0::XMLReader::refreshRawBuffer (this=0x557e49f8) at xercesc/internal/XMLReader.cpp:1891
3 0x724e70d4 in xercesc_4_0::XMLReader::XMLReader (this=0x557e49f8, pubId=, sysId=0x55750920 u"/", streamToAdopt=0x5574e838, from=, type=xercesc_4_0::XMLReader::Type_General, source=xercesc_4_0::XMLReader::Source_External, throwAtEnd=false, calculateSrcOfs=false, lowWaterMark=100, version=xercesc_4_0::XMLReader::XMLV1_0, manager=0x556df730) at xercesc/internal/XMLReader.cpp:130
4 0x724ced75 in xercesc_4_0::ReaderMgr::createReader (this=this@entry=0x557896d8, src=..., refFrom=refFrom@entry=xercesc_4_0::XMLReader::RefFrom_NonLiteral, type=type@entry=xercesc_4_0::XMLReader::Type_General, source=source@entry=xercesc_4_0::XMLReader::Source_External, calcSrcOfs=false, lowWaterMark=100) at ./xercesc/sax/InputSource.hpp:314
5 0x724cb0af in xercesc_4_0::IGXMLScanner::scanReset (this=0x55789608, src=...) at xercesc/internal/IGXMLScanner2.cpp:1286
6 0x724c36e9 in xercesc_4_0::IGXMLScanner::scanDocument (this=0x55789608, src=...) at xercesc/internal/IGXMLScanner.cpp:198
7 0x7250abaf in xercesc_4_0::AbstractDOMParser::parse (this=0x7fffc2d0, source=...) at xercesc/parsers/AbstractDOMParser.cpp:545
8 0x724cbdbe in xercesc_4_0::IGXMLScanner::resolveSchemaGrammar (this=0x55792f78, loc=0x557dd694 u"/", uri=0x55737180 u"`", ignoreLoadSchema=) at xercesc/internal/IGXMLScanner2.cpp:1895
0x724cce7c in xercesc_4_0::IGXMLScanner::parseSchemaLocation (this=0x55792f78, schemaLocationStr=, ignoreLoadSchema=false) at ./xercesc/framework/XMLBuffer.hpp:171
10 0x724cd182 in xercesc_4_0::IGXMLScanner::scanRawAttrListforNameSpaces (this=this@entry=0x55792f78, attCount=attCount@entry=9) at xercesc/internal/IGXMLScanner2.cpp:1649
11 0x724c22cb in xercesc_4_0::IGXMLScanner::scanStartTagNS (this=0x55792f78, gotData=@0x7fffc91f: true) at xercesc/internal/IGXMLScanner.cpp:2213
12 0x724c3522 in xercesc_4_0::IGXMLScanner::scanContent (this=0x55792f78) at xercesc/internal/IGXMLScanner.cpp:890
13 0x724c3760 in xercesc_4_0::IGXMLScanner::scanDocument (this=0x55792f78, src=...) at xercesc/internal/IGXMLScanner.cpp:217
14 0x725158e3 in xercesc_4_0::SAX2XMLReaderImpl::parse (this=0x55731828, source=...) at xercesc/parsers/SAX2XMLReaderImpl.cpp:409
```