[GitHub] [xerces-c] rleigh-codelibre merged pull request #31: XERCESC-2219: [Backport 3.2] XMLReader constructor: fix memory leak when refreshRawBuffer() throws

2021-08-23 Thread GitBox


rleigh-codelibre merged pull request #31:
URL: https://github.com/apache/xerces-c/pull/31


   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org



[xerces-c] branch xerces-3.2 updated: XMLReader constructor: fix memory leak when refreshRawBuffer() throws

2021-08-23 Thread rleigh
This is an automated email from the ASF dual-hosted git repository.

rleigh pushed a commit to branch xerces-3.2
in repository https://gitbox.apache.org/repos/asf/xerces-c.git


The following commit(s) were added to refs/heads/xerces-3.2 by this push:
 new 286051c  XMLReader constructor: fix memory leak when 
refreshRawBuffer() throws
 new a3be9dc  Merge pull request #31 from 
rouault/fix_ossfuzz_37529_backport_3_2
286051c is described below

commit 286051c73667be145b36d86febbe2ce9e48d42ff
Author: Even Rouault 
AuthorDate: Mon Aug 23 21:39:48 2021 +0200

XMLReader constructor: fix memory leak when refreshRawBuffer() throws

Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=37529 on GDAL

The backtrace of the exception that caused the memory leak was:
```
Catchpoint 1 (exception thrown), 0x75547672 in __cxa_throw () from 
/lib/x86_64-linux-gnu/libstdc++.so.6
(gdb) bt
0  0x75547672 in __cxa_throw () from 
/lib/x86_64-linux-gnu/libstdc++.so.6
1  0x724447c4 in xercesc_4_0::PosixFileMgr::fileRead 
(this=, f=, byteCount=, 
buffer=, manager=0x556df730)
   at xercesc/util/FileManagers/PosixFileMgr.cpp:160
2  0x724e6ec2 in xercesc_4_0::XMLReader::refreshRawBuffer 
(this=0x557e49f8) at xercesc/internal/XMLReader.cpp:1891
3  0x724e70d4 in xercesc_4_0::XMLReader::XMLReader 
(this=0x557e49f8, pubId=, sysId=0x55750920 u"/", 
streamToAdopt=0x5574e838, from=,
   type=xercesc_4_0::XMLReader::Type_General, 
source=xercesc_4_0::XMLReader::Source_External, throwAtEnd=false, 
calculateSrcOfs=false, lowWaterMark=100, 
version=xercesc_4_0::XMLReader::XMLV1_0,
   manager=0x556df730) at xercesc/internal/XMLReader.cpp:130
4  0x724ced75 in xercesc_4_0::ReaderMgr::createReader 
(this=this@entry=0x557896d8, src=..., 
refFrom=refFrom@entry=xercesc_4_0::XMLReader::RefFrom_NonLiteral,
   type=type@entry=xercesc_4_0::XMLReader::Type_General, 
source=source@entry=xercesc_4_0::XMLReader::Source_External, calcSrcOfs=false, 
lowWaterMark=100) at ./xercesc/sax/InputSource.hpp:314
5  0x724cb0af in xercesc_4_0::IGXMLScanner::scanReset 
(this=0x55789608, src=...) at xercesc/internal/IGXMLScanner2.cpp:1286
6  0x724c36e9 in xercesc_4_0::IGXMLScanner::scanDocument 
(this=0x55789608, src=...) at xercesc/internal/IGXMLScanner.cpp:198
7  0x7250abaf in xercesc_4_0::AbstractDOMParser::parse 
(this=0x7fffc2d0, source=...) at xercesc/parsers/AbstractDOMParser.cpp:545
8  0x724cbdbe in xercesc_4_0::IGXMLScanner::resolveSchemaGrammar 
(this=0x55792f78, loc=0x557dd694 u"/", uri=0x55737180 u"`", 
ignoreLoadSchema=)
   at xercesc/internal/IGXMLScanner2.cpp:1895
9  0x724cce7c in xercesc_4_0::IGXMLScanner::parseSchemaLocation 
(this=0x55792f78, schemaLocationStr=, 
ignoreLoadSchema=false) at ./xercesc/framework/XMLBuffer.hpp:171
10 0x724cd182 in 
xercesc_4_0::IGXMLScanner::scanRawAttrListforNameSpaces 
(this=this@entry=0x55792f78, attCount=attCount@entry=9) at 
xercesc/internal/IGXMLScanner2.cpp:1649
11 0x724c22cb in xercesc_4_0::IGXMLScanner::scanStartTagNS 
(this=0x55792f78, gotData=@0x7fffc91f: true) at 
xercesc/internal/IGXMLScanner.cpp:2213
12 0x724c3522 in xercesc_4_0::IGXMLScanner::scanContent 
(this=0x55792f78) at xercesc/internal/IGXMLScanner.cpp:890
13 0x724c3760 in xercesc_4_0::IGXMLScanner::scanDocument 
(this=0x55792f78, src=...) at xercesc/internal/IGXMLScanner.cpp:217
14 0x725158e3 in xercesc_4_0::SAX2XMLReaderImpl::parse 
(this=0x55731828, source=...) at xercesc/parsers/SAX2XMLReaderImpl.cpp:409
```
---
 src/xercesc/internal/ReaderMgr.cpp |  6 +
 src/xercesc/internal/XMLReader.cpp | 47 +-
 src/xercesc/internal/XMLReader.hpp |  2 ++
 3 files changed, 49 insertions(+), 6 deletions(-)

diff --git a/src/xercesc/internal/ReaderMgr.cpp 
b/src/xercesc/internal/ReaderMgr.cpp
index d14483e..18d8596 100644
--- a/src/xercesc/internal/ReaderMgr.cpp
+++ b/src/xercesc/internal/ReaderMgr.cpp
@@ -436,6 +436,12 @@ XMLReader* ReaderMgr::createReader( const   InputSource&   
 src
 );
 }
 }
+catch(const XMLPlatformUtilsException&)
+{
+streamJanitor.release();
+
+throw;
+}
 catch(const OutOfMemoryException&)
 {
 streamJanitor.release();
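
Review bot: The new catch(const XMLPlatformUtilsException&) handler calls streamJanitor.release() and then rethrows, which reads like a leak unless the reader already knows who frees the stream at that point. This hunk does not show it, so add a one-line comment in the handler naming the owner once the janitor lets go; that also guards against a later change reintroducing either the leak or a double delete.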
diff --git a/src/xercesc/internal/XMLReader.cpp 
b/src/xercesc/internal/XMLReader.cpp
index 405474a..9acfad8 100644
--- a/src/xercesc/internal/XMLReader.cpp
+++ b/src/xercesc/internal/XMLReader.cpp
@@ -124,8 +124,16 @@ XMLReader::XMLReader(const  XMLCh* const  pubId
 {
 setXMLVersion(version);
 
-// Do an initial load of raw bytes
-refreshRawBuffer();
+try
+{
+// Do an initial load of raw bytes
+refreshRawBuffer();
+}
+catch (const 
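
Review bot: The handler after the new try block around refreshRawBuffer() opens with catch (const, so it is a typed handler, and any exception type it does not name still leaves the constructor without the cleanup running. Consider a catch (...) that cleans up and rethrows, or hold the members in janitor objects so that unwinding releases them whatever is thrown.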

[GitHub] [xerces-c] rleigh-codelibre merged pull request #30: XERCESC-2219: XMLReader constructor: fix memory leak when refreshRawBuffer() throws

2021-08-23 Thread GitBox


rleigh-codelibre merged pull request #30:
URL: https://github.com/apache/xerces-c/pull/30


   





[xerces-c] branch master updated: XMLReader constructor: fix memory leak when refreshRawBuffer() throws

2021-08-23 Thread rleigh
This is an automated email from the ASF dual-hosted git repository.

rleigh pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/xerces-c.git


The following commit(s) were added to refs/heads/master by this push:
 new cf436ab  XMLReader constructor: fix memory leak when 
refreshRawBuffer() throws
 new caa6515  Merge pull request #30 from rouault/fix_ossfuzz_37529
cf436ab is described below

commit cf436abc181ab65824f6f51ae087e166dbdcd249
Author: Even Rouault 
AuthorDate: Mon Aug 23 21:39:48 2021 +0200

XMLReader constructor: fix memory leak when refreshRawBuffer() throws

Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=37529 on GDAL

The backtrace of the exception that caused the memory leak was:
```
Catchpoint 1 (exception thrown), 0x75547672 in __cxa_throw () from 
/lib/x86_64-linux-gnu/libstdc++.so.6
(gdb) bt
0  0x75547672 in __cxa_throw () from 
/lib/x86_64-linux-gnu/libstdc++.so.6
1  0x724447c4 in xercesc_4_0::PosixFileMgr::fileRead 
(this=, f=, byteCount=, 
buffer=, manager=0x556df730)
   at xercesc/util/FileManagers/PosixFileMgr.cpp:160
2  0x724e6ec2 in xercesc_4_0::XMLReader::refreshRawBuffer 
(this=0x557e49f8) at xercesc/internal/XMLReader.cpp:1891
3  0x724e70d4 in xercesc_4_0::XMLReader::XMLReader 
(this=0x557e49f8, pubId=, sysId=0x55750920 u"/", 
streamToAdopt=0x5574e838, from=,
   type=xercesc_4_0::XMLReader::Type_General, 
source=xercesc_4_0::XMLReader::Source_External, throwAtEnd=false, 
calculateSrcOfs=false, lowWaterMark=100, 
version=xercesc_4_0::XMLReader::XMLV1_0,
   manager=0x556df730) at xercesc/internal/XMLReader.cpp:130
4  0x724ced75 in xercesc_4_0::ReaderMgr::createReader 
(this=this@entry=0x557896d8, src=..., 
refFrom=refFrom@entry=xercesc_4_0::XMLReader::RefFrom_NonLiteral,
   type=type@entry=xercesc_4_0::XMLReader::Type_General, 
source=source@entry=xercesc_4_0::XMLReader::Source_External, calcSrcOfs=false, 
lowWaterMark=100) at ./xercesc/sax/InputSource.hpp:314
5  0x724cb0af in xercesc_4_0::IGXMLScanner::scanReset 
(this=0x55789608, src=...) at xercesc/internal/IGXMLScanner2.cpp:1286
6  0x724c36e9 in xercesc_4_0::IGXMLScanner::scanDocument 
(this=0x55789608, src=...) at xercesc/internal/IGXMLScanner.cpp:198
7  0x7250abaf in xercesc_4_0::AbstractDOMParser::parse 
(this=0x7fffc2d0, source=...) at xercesc/parsers/AbstractDOMParser.cpp:545
8  0x724cbdbe in xercesc_4_0::IGXMLScanner::resolveSchemaGrammar 
(this=0x55792f78, loc=0x557dd694 u"/", uri=0x55737180 u"`", 
ignoreLoadSchema=)
   at xercesc/internal/IGXMLScanner2.cpp:1895
9  0x724cce7c in xercesc_4_0::IGXMLScanner::parseSchemaLocation 
(this=0x55792f78, schemaLocationStr=, 
ignoreLoadSchema=false) at ./xercesc/framework/XMLBuffer.hpp:171
10 0x724cd182 in 
xercesc_4_0::IGXMLScanner::scanRawAttrListforNameSpaces 
(this=this@entry=0x55792f78, attCount=attCount@entry=9) at 
xercesc/internal/IGXMLScanner2.cpp:1649
11 0x724c22cb in xercesc_4_0::IGXMLScanner::scanStartTagNS 
(this=0x55792f78, gotData=@0x7fffc91f: true) at 
xercesc/internal/IGXMLScanner.cpp:2213
12 0x724c3522 in xercesc_4_0::IGXMLScanner::scanContent 
(this=0x55792f78) at xercesc/internal/IGXMLScanner.cpp:890
13 0x724c3760 in xercesc_4_0::IGXMLScanner::scanDocument 
(this=0x55792f78, src=...) at xercesc/internal/IGXMLScanner.cpp:217
14 0x725158e3 in xercesc_4_0::SAX2XMLReaderImpl::parse 
(this=0x55731828, source=...) at xercesc/parsers/SAX2XMLReaderImpl.cpp:409
```
---
 src/xercesc/internal/ReaderMgr.cpp |  6 +
 src/xercesc/internal/XMLReader.cpp | 47 +-
 src/xercesc/internal/XMLReader.hpp |  2 ++
 3 files changed, 49 insertions(+), 6 deletions(-)

diff --git a/src/xercesc/internal/ReaderMgr.cpp 
b/src/xercesc/internal/ReaderMgr.cpp
index 0d92fc9..4e59a4a 100644
--- a/src/xercesc/internal/ReaderMgr.cpp
+++ b/src/xercesc/internal/ReaderMgr.cpp
@@ -436,6 +436,12 @@ XMLReader* ReaderMgr::createReader( const   InputSource&   
 src
 );
 }
 }
+catch(const XMLPlatformUtilsException&)
+{
+streamJanitor.release();
+
+throw;
+}
 catch(const OutOfMemoryException&)
 {
 streamJanitor.release();
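
Review bot: The added XMLPlatformUtilsException handler is only reachable when the XMLReader constructor throws during its initial read, and the diffstat lists three source files and no test. A regression test that hands createReader() an unreadable source (the backtrace shows sysId u"/") and runs under a leak checker would pin this path down.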
diff --git a/src/xercesc/internal/XMLReader.cpp 
b/src/xercesc/internal/XMLReader.cpp
index 1facb53..bf43886 100644
--- a/src/xercesc/internal/XMLReader.cpp
+++ b/src/xercesc/internal/XMLReader.cpp
@@ -124,8 +124,16 @@ XMLReader::XMLReader(const  XMLCh* const  pubId
 {
 setXMLVersion(version);
 
-// Do an initial load of raw bytes
-refreshRawBuffer();
+try
+{
+// Do an initial load of raw bytes
+refreshRawBuffer();
+}
+catch (const 
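
Review bot: The try block starts after setXMLVersion(version), so that call stays outside the protected region; if it can throw once the constructor has allocated its members, the same leak applies there. Either move it inside the try or add a comment stating that it cannot throw.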

Xerces-C++ 3.2.4

2021-08-23 Thread Roger Leigh
Hi folks,

 

Would it be possible to add 3.2.4 as a new unreleased version in Jira?  As you 
have probably seen, Even Rouault has made several changes to fix bugs on the 
3.2 branch, and it would be useful to release them.

 

Are there any other needed fixes to go into a new 3.2 point release?

 

Thanks all,

Roger



[jira] [Created] (XERCESC-2219) XMLReader constructor: memory leak when refreshRawBuffer() throws

2021-08-23 Thread Roger Leigh (Jira)
Roger Leigh created XERCESC-2219:


 Summary: XMLReader constructor: memory leak when 
refreshRawBuffer() throws
 Key: XERCESC-2219
 URL: https://issues.apache.org/jira/browse/XERCESC-2219
 Project: Xerces-C++
  Issue Type: Bug
Affects Versions: 3.2.3
Reporter: Roger Leigh
Assignee: Roger Leigh


See https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=37529 on GDAL

The backtrace of the exception that caused the memory leak was:

{noformat}
Catchpoint 1 (exception thrown), 0x75547672 in __cxa_throw () from 
/lib/x86_64-linux-gnu/libstdc++.so.6
(gdb) bt
0  0x75547672 in __cxa_throw () from 
/lib/x86_64-linux-gnu/libstdc++.so.6
1  0x724447c4 in xercesc_4_0::PosixFileMgr::fileRead (this=, f=, byteCount=, buffer=, 
manager=0x556df730)
   at xercesc/util/FileManagers/PosixFileMgr.cpp:160
2  0x724e6ec2 in xercesc_4_0::XMLReader::refreshRawBuffer 
(this=0x557e49f8) at xercesc/internal/XMLReader.cpp:1891
3  0x724e70d4 in xercesc_4_0::XMLReader::XMLReader 
(this=0x557e49f8, pubId=, sysId=0x55750920 u"/", 
streamToAdopt=0x5574e838, from=,
   type=xercesc_4_0::XMLReader::Type_General, 
source=xercesc_4_0::XMLReader::Source_External, throwAtEnd=false, 
calculateSrcOfs=false, lowWaterMark=100, 
version=xercesc_4_0::XMLReader::XMLV1_0,
   manager=0x556df730) at xercesc/internal/XMLReader.cpp:130
4  0x724ced75 in xercesc_4_0::ReaderMgr::createReader 
(this=this@entry=0x557896d8, src=..., 
refFrom=refFrom@entry=xercesc_4_0::XMLReader::RefFrom_NonLiteral,
   type=type@entry=xercesc_4_0::XMLReader::Type_General, 
source=source@entry=xercesc_4_0::XMLReader::Source_External, calcSrcOfs=false, 
lowWaterMark=100) at ./xercesc/sax/InputSource.hpp:314
5  0x724cb0af in xercesc_4_0::IGXMLScanner::scanReset 
(this=0x55789608, src=...) at xercesc/internal/IGXMLScanner2.cpp:1286
6  0x724c36e9 in xercesc_4_0::IGXMLScanner::scanDocument 
(this=0x55789608, src=...) at xercesc/internal/IGXMLScanner.cpp:198
7  0x7250abaf in xercesc_4_0::AbstractDOMParser::parse 
(this=0x7fffc2d0, source=...) at xercesc/parsers/AbstractDOMParser.cpp:545
8  0x724cbdbe in xercesc_4_0::IGXMLScanner::resolveSchemaGrammar 
(this=0x55792f78, loc=0x557dd694 u"/", uri=0x55737180 u"`", 
ignoreLoadSchema=)
   at xercesc/internal/IGXMLScanner2.cpp:1895
9  0x724cce7c in xercesc_4_0::IGXMLScanner::parseSchemaLocation 
(this=0x55792f78, schemaLocationStr=, 
ignoreLoadSchema=false) at ./xercesc/framework/XMLBuffer.hpp:171
10 0x724cd182 in 
xercesc_4_0::IGXMLScanner::scanRawAttrListforNameSpaces 
(this=this@entry=0x55792f78, attCount=attCount@entry=9) at 
xercesc/internal/IGXMLScanner2.cpp:1649
11 0x724c22cb in xercesc_4_0::IGXMLScanner::scanStartTagNS 
(this=0x55792f78, gotData=@0x7fffc91f: true) at 
xercesc/internal/IGXMLScanner.cpp:2213
12 0x724c3522 in xercesc_4_0::IGXMLScanner::scanContent 
(this=0x55792f78) at xercesc/internal/IGXMLScanner.cpp:890
13 0x724c3760 in xercesc_4_0::IGXMLScanner::scanDocument 
(this=0x55792f78, src=...) at xercesc/internal/IGXMLScanner.cpp:217
14 0x725158e3 in xercesc_4_0::SAX2XMLReaderImpl::parse 
(this=0x55731828, source=...) at xercesc/parsers/SAX2XMLReaderImpl.cpp:409
{noformat}




--
This message was sent by Atlassian Jira
(v8.3.4#803005)




[xerces-c] branch xerces-3.2 updated: CurlURLInputStream constructor: avoid memory leak

2021-08-23 Thread rleigh
This is an automated email from the ASF dual-hosted git repository.

rleigh pushed a commit to branch xerces-3.2
in repository https://gitbox.apache.org/repos/asf/xerces-c.git


The following commit(s) were added to refs/heads/xerces-3.2 by this push:
 new b8f2b83  CurlURLInputStream constructor: avoid memory leak
 new 9ac2a9c  Merge pull request #29 from 
rouault/backport_3_2_curl_memleak_fix
b8f2b83 is described below

commit b8f2b836358bb9e338c677eb71ec7fdfbd13643b
Author: Even Rouault 
AuthorDate: Wed Aug 18 18:15:45 2021 +0200

CurlURLInputStream constructor: avoid memory leak

CurlURLInputStream constructor calls the readMore() method, which can
throw exceptions. In that situation, the destructor is not called, which
results in resource/memory leaks. To fix that, catch the exceptions,
manually do the cleanup and rethrow the exceptions.

Found by ossfuzz (locally)
---
 .../util/NetAccessors/Curl/CurlURLInputStream.cpp  | 28 +-
 .../util/NetAccessors/Curl/CurlURLInputStream.hpp  |  2 ++
 2 files changed, 29 insertions(+), 1 deletion(-)

diff --git a/src/xercesc/util/NetAccessors/Curl/CurlURLInputStream.cpp 
b/src/xercesc/util/NetAccessors/Curl/CurlURLInputStream.cpp
index 5ed6593..2980dc2 100644
--- a/src/xercesc/util/NetAccessors/Curl/CurlURLInputStream.cpp
+++ b/src/xercesc/util/NetAccessors/Curl/CurlURLInputStream.cpp
@@ -160,7 +160,20 @@ CurlURLInputStream::CurlURLInputStream(const XMLURL& 
urlSource, const XMLNetHTTP
 while(fBufferHeadPtr == fBuffer)
 {
int runningHandles = 0;
-readMore();
+try
+{
+readMore();
+}
+catch(const MalformedURLException&)
+{
+cleanup();
+throw;
+}
+catch(const NetAccessorException&)
+{
+cleanup();
+throw;
+}
if(runningHandles == 0) break;
 }
 
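
Review bot: Only MalformedURLException and NetAccessorException trigger cleanup() in the handlers added around readMore(); any other exception type leaving readMore() still skips it and leaks the handles. Since both handlers have the same body, a single catch(...) { cleanup(); throw; } would cover every type and remove the duplication.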
@@ -174,18 +187,31 @@ CurlURLInputStream::CurlURLInputStream(const XMLURL& 
urlSource, const XMLNetHTTP
 
 CurlURLInputStream::~CurlURLInputStream()
 {
+cleanup();
+}
+
+
+void CurlURLInputStream::cleanup()
+{
+if (!fMulti )
+return;
+
 // Remove the easy handle from the multi stack
 curl_multi_remove_handle(fMulti, fEasy);
 
 // Cleanup the easy handle
 curl_easy_cleanup(fEasy);
+fEasy = NULL;
 
 // Cleanup the multi handle
 curl_multi_cleanup(fMulti);
+fMulti = NULL;
 
 if(fContentType) fMemoryManager->deallocate(fContentType);
+fContentType = NULL;
 
 if(fHeadersList) curl_slist_free_all(fHeadersList);
+fHeadersList = NULL;
 }
 
 
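
Review bot: The early return on if (!fMulti ) at the top of cleanup() also skips freeing fEasy, fContentType and fHeadersList whenever fMulti happens to be NULL while any of the others is not. Each pointer is already reset to NULL after release, so guarding each release with its own NULL check (and dropping the early return) makes cleanup() idempotent without depending on fMulti as a sentinel.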
diff --git a/src/xercesc/util/NetAccessors/Curl/CurlURLInputStream.hpp 
b/src/xercesc/util/NetAccessors/Curl/CurlURLInputStream.hpp
index f75857b..3900d4d 100644
--- a/src/xercesc/util/NetAccessors/Curl/CurlURLInputStream.hpp
+++ b/src/xercesc/util/NetAccessors/Curl/CurlURLInputStream.hpp
@@ -61,6 +61,8 @@ private :
 CurlURLInputStream(const CurlURLInputStream&);
 CurlURLInputStream& operator=(const CurlURLInputStream&);
 
+void cleanup();
+
 static size_t staticWriteCallback(char *buffer,
   size_t size,
   size_t nitems,
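
Review bot: The new void cleanup(); declaration carries no comment, although its contract is not obvious from the name: it is called both from the constructor's error path and from the destructor, so it has to be safe to call twice. A short comment on the declaration saying so would keep later edits from breaking that.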




[GitHub] [xerces-c] rleigh-codelibre merged pull request #28: XERCESC-2218: CurlURLInputStream constructor: avoid memory leak

2021-08-23 Thread GitBox


rleigh-codelibre merged pull request #28:
URL: https://github.com/apache/xerces-c/pull/28


   





[GitHub] [xerces-c] rleigh-codelibre merged pull request #29: XERCESC-2218: [Backport 3.2] CurlURLInputStream constructor: avoid memory leak

2021-08-23 Thread GitBox


rleigh-codelibre merged pull request #29:
URL: https://github.com/apache/xerces-c/pull/29


   





[xerces-c] branch master updated: CurlURLInputStream constructor: avoid memory leak

2021-08-23 Thread rleigh
This is an automated email from the ASF dual-hosted git repository.

rleigh pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/xerces-c.git


The following commit(s) were added to refs/heads/master by this push:
 new 327abd3  CurlURLInputStream constructor: avoid memory leak
 new a313987  Merge pull request #28 from rouault/curl_memleak_fix
327abd3 is described below

commit 327abd3551bdbca808b7fc22019c51210358b645
Author: Even Rouault 
AuthorDate: Wed Aug 18 18:15:45 2021 +0200

CurlURLInputStream constructor: avoid memory leak

CurlURLInputStream constructor calls the readMore() method, which can
throw exceptions. In that situation, the destructor is not called, which
results in resource/memory leaks. To fix that, catch the exceptions,
manually do the cleanup and rethrow the exceptions.

Found by ossfuzz (locally)
---
 .../util/NetAccessors/Curl/CurlURLInputStream.cpp  | 28 +-
 .../util/NetAccessors/Curl/CurlURLInputStream.hpp  |  2 ++
 2 files changed, 29 insertions(+), 1 deletion(-)

diff --git a/src/xercesc/util/NetAccessors/Curl/CurlURLInputStream.cpp 
b/src/xercesc/util/NetAccessors/Curl/CurlURLInputStream.cpp
index a7b125d..8c79ceb 100644
--- a/src/xercesc/util/NetAccessors/Curl/CurlURLInputStream.cpp
+++ b/src/xercesc/util/NetAccessors/Curl/CurlURLInputStream.cpp
@@ -160,7 +160,20 @@ CurlURLInputStream::CurlURLInputStream(const XMLURL& 
urlSource, const XMLNetHTTP
 while(fBufferHeadPtr == fBuffer)
 {
int runningHandles = 0;
-readMore();
+try
+{
+readMore();
+}
+catch(const MalformedURLException&)
+{
+cleanup();
+throw;
+}
+catch(const NetAccessorException&)
+{
+cleanup();
+throw;
+}
if(runningHandles == 0) break;
 }
 
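
Review bot: The try/catch is placed inside the while(fBufferHeadPtr == fBuffer) loop and wraps readMore() alone, so any throwing statement added to the loop body later falls outside it. Wrapping the whole loop in one try keeps the constructor's error path in a single place.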
@@ -174,18 +187,31 @@ CurlURLInputStream::CurlURLInputStream(const XMLURL& 
urlSource, const XMLNetHTTP
 
 CurlURLInputStream::~CurlURLInputStream()
 {
+cleanup();
+}
+
+
+void CurlURLInputStream::cleanup()
+{
+if (!fMulti )
+return;
+
 // Remove the easy handle from the multi stack
 curl_multi_remove_handle(fMulti, fEasy);
 
 // Cleanup the easy handle
 curl_easy_cleanup(fEasy);
+fEasy = NULL;
 
 // Cleanup the multi handle
 curl_multi_cleanup(fMulti);
+fMulti = NULL;
 
 if(fContentType) fMemoryManager->deallocate(fContentType);
+fContentType = NULL;
 
 if(fHeadersList) curl_slist_free_all(fHeadersList);
+fHeadersList = NULL;
 }
 
 
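
Review bot: cleanup() now runs inside the constructor's catch handlers as well as in the destructor, so it must not throw itself: an exception escaping it would replace the one the handler is about to rethrow. fMemoryManager->deallocate(fContentType) is the one non-curl call in the body; a comment stating that it cannot throw, or a noexcept-style guarantee on cleanup(), would make that explicit.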
diff --git a/src/xercesc/util/NetAccessors/Curl/CurlURLInputStream.hpp 
b/src/xercesc/util/NetAccessors/Curl/CurlURLInputStream.hpp
index 1ff2abf..06fa994 100644
--- a/src/xercesc/util/NetAccessors/Curl/CurlURLInputStream.hpp
+++ b/src/xercesc/util/NetAccessors/Curl/CurlURLInputStream.hpp
@@ -61,6 +61,8 @@ private :
 CurlURLInputStream(const CurlURLInputStream&);
 CurlURLInputStream& operator=(const CurlURLInputStream&);
 
+void cleanup();
+
 static size_t staticWriteCallback(char *buffer,
   size_t size,
   size_t nitems,




[jira] [Created] (XERCESC-2218) CurlURLInputStream constructor memory leak

2021-08-23 Thread Roger Leigh (Jira)
Roger Leigh created XERCESC-2218:


 Summary: CurlURLInputStream constructor memory leak
 Key: XERCESC-2218
 URL: https://issues.apache.org/jira/browse/XERCESC-2218
 Project: Xerces-C++
  Issue Type: Bug
Affects Versions: 3.2.3
Reporter: Roger Leigh
Assignee: Roger Leigh


CurlURLInputStream constructor calls the readMore() method, which can
throw exceptions. In that situation, the destructor is not called, which
results in resource/memory leaks. To fix that, catch the exceptions,
manually do the cleanup and rethrow the exceptions.

Found by ossfuzz (locally)



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
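
The failure mode and fix described in this report and in XERCESC-2219, as an added C++ example (not code from Xerces-C++ or from the commits): a constructor that throws after acquiring handles skips its destructor, the catch/cleanup/rethrow pattern closes them, and, going one step beyond the commits, member objects with their own destructors achieve the same without any handler. The handle API, the class names and FetchError are constructed for the illustration, and the manual variant uses catch (...) where the commit uses typed handlers.

```cpp
#include <cstdio>
#include <stdexcept>

// Constructed stand-in for a C handle API (think of the curl easy/multi
// handles released in the commit). Handles are plain ints so that a "leak"
// shows up in the counter without leaking real memory in this demo.
static int g_open_handles = 0;
static int g_next_id = 1;
static int  handle_open()       { ++g_open_handles; return g_next_id++; }
static void handle_close(int h) { if (h != 0) --g_open_handles; }

struct FetchError : std::runtime_error {
    explicit FetchError(const char* msg) : std::runtime_error(msg) {}
};

// Plays the role of readMore()/refreshRawBuffer(): the first read may throw.
static void initial_read(bool fail) {
    if (fail) throw FetchError("initial read failed");
}

// Before: the constructor body throws, so ~LeakyStream() never runs and the
// two handles acquired in the initializer list stay open.
class LeakyStream {
public:
    explicit LeakyStream(bool failFirstRead)
        : fMulti(handle_open()), fEasy(handle_open())
    {
        initial_read(failFirstRead);
    }
    ~LeakyStream() { handle_close(fEasy); handle_close(fMulti); }
private:
    int fMulti, fEasy;
};

// After, same shape as the fix: catch, clean up by hand, rethrow.
// cleanup() zeroes each handle so a second call is harmless.
class ManualCleanupStream {
public:
    explicit ManualCleanupStream(bool failFirstRead)
        : fMulti(handle_open()), fEasy(handle_open())
    {
        try { initial_read(failFirstRead); }
        catch (...) { cleanup(); throw; }
    }
    ~ManualCleanupStream() { cleanup(); }
private:
    void cleanup() {
        handle_close(fEasy);  fEasy = 0;
        handle_close(fMulti); fMulti = 0;
    }
    int fMulti, fEasy;
};

// Alternative: each handle is a member with its own destructor. Members that
// were fully constructed are destroyed when the constructor body throws.
class ScopedHandle {
public:
    ScopedHandle() : fHandle(handle_open()) {}
    ~ScopedHandle() { handle_close(fHandle); }
    ScopedHandle(const ScopedHandle&) = delete;
    ScopedHandle& operator=(const ScopedHandle&) = delete;
private:
    int fHandle;
};

class RaiiStream {
public:
    explicit RaiiStream(bool failFirstRead) { initial_read(failFirstRead); }
private:
    ScopedHandle fMulti, fEasy;
};

// Constructs (and, on success, destroys) one Stream and reports how many
// handles are still open afterwards.
template <class Stream>
int handles_left_open(bool failFirstRead) {
    const int before = g_open_handles;
    try { Stream s(failFirstRead); }
    catch (const FetchError&) { /* the caller sees the original error */ }
    return g_open_handles - before;
}

int main() {
    std::printf("leaky,  ctor throws: %d left open\n", handles_left_open<LeakyStream>(true));
    std::printf("manual, ctor throws: %d left open\n", handles_left_open<ManualCleanupStream>(true));
    std::printf("raii,   ctor throws: %d left open\n", handles_left_open<RaiiStream>(true));
    return 0;
}
```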




[GitHub] [xerces-c] rleigh-codelibre merged pull request #25: XERCESC-2217: [Backport 3.2] ICUTranscoder::transcodeFrom(): fix read heap-buffer-overflow

2021-08-23 Thread GitBox


rleigh-codelibre merged pull request #25:
URL: https://github.com/apache/xerces-c/pull/25


   





[xerces-c] branch xerces-3.2 updated: ICUTranscoder::transcodeFrom(): fix read heap-buffer-overflow

2021-08-23 Thread rleigh
This is an automated email from the ASF dual-hosted git repository.

rleigh pushed a commit to branch xerces-3.2
in repository https://gitbox.apache.org/repos/asf/xerces-c.git


The following commit(s) were added to refs/heads/xerces-3.2 by this push:
 new 4d35954  ICUTranscoder::transcodeFrom(): fix read heap-buffer-overflow
 new 19428fb  Merge pull request #25 from 
rouault/fix_gdal_ossfuzz_35373_backport_3_2
4d35954 is described below

commit 4d359541505a5554c2cc6353290593dc7db7a925
Author: Even Rouault 
AuthorDate: Tue Aug 10 12:20:35 2021 +0200

ICUTranscoder::transcodeFrom(): fix read heap-buffer-overflow

Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35373

When charsDecoded == 0, the line ``for (index = 0; index < charsDecoded
- 1; index++)`` will cause a read out of bounds of fSrcOffsets, due to
unsigned integer underflow rules.
---
 src/xercesc/util/Transcoders/ICU/ICUTransService.cpp | 9 -
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/src/xercesc/util/Transcoders/ICU/ICUTransService.cpp 
b/src/xercesc/util/Transcoders/ICU/ICUTransService.cpp
index 0ebcd37..ed7fb91 100644
--- a/src/xercesc/util/Transcoders/ICU/ICUTransService.cpp
+++ b/src/xercesc/util/Transcoders/ICU/ICUTransService.cpp
@@ -563,7 +563,7 @@ ICUTranscoder::transcodeFrom(const  XMLByte* const  
srcData
 {
 charSizes[0] = (unsigned char)bytesEaten;
 }
-else
+else if( charsDecoded > 0 )
 {
 //  ICU does not return an extra element to allow us to figure
 //  out the last char size, so we have to compute it from the
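
Review bot: The condition added on the else, else if( charsDecoded > 0 ), is the only thing keeping charsDecoded - 1 from wrapping inside the branch, yet the comment at the top of the branch still talks only about ICU not returning an extra element. Add a sentence there saying the branch must not run for charsDecoded == 0, so the guard is not simplified away later.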
@@ -574,10 +574,9 @@ ICUTranscoder::transcodeFrom(const  XMLByte* const 
 srcData
 charSizes[index] = (unsigned char)(fSrcOffsets[index + 1]
 - fSrcOffsets[index]);
 }
-if( charsDecoded > 0 ) {
-charSizes[charsDecoded - 1] = (unsigned char)(bytesEaten
-  - fSrcOffsets[charsDecoded - 1]);
-}
+
+charSizes[charsDecoded - 1] = (unsigned char)(bytesEaten
+  - fSrcOffsets[charsDecoded - 1]);
 }
 }
 
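
Review bot: The store to charSizes[charsDecoded - 1] loses its own if( charsDecoded > 0 ) check and is now safe only because of the condition on the enclosing else, which sits in a different hunk several lines above. An assertion on charsDecoded > 0 just before this statement, or a comment pointing at the outer guard, would keep the dependency visible.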




[GitHub] [xerces-c] rleigh-codelibre merged pull request #24: XERCESC-2217: ICUTranscoder::transcodeFrom(): fix read heap-buffer-overflow

2021-08-23 Thread GitBox


rleigh-codelibre merged pull request #24:
URL: https://github.com/apache/xerces-c/pull/24


   





[xerces-c] branch master updated: ICUTranscoder::transcodeFrom(): fix read heap-buffer-overflow

2021-08-23 Thread rleigh
This is an automated email from the ASF dual-hosted git repository.

rleigh pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/xerces-c.git


The following commit(s) were added to refs/heads/master by this push:
 new e335da5  ICUTranscoder::transcodeFrom(): fix read heap-buffer-overflow
 new b0e7b3c  Merge pull request #24 from rouault/fix_gdal_ossfuzz_35373
e335da5 is described below

commit e335da54127cd29091f6be97da97b24c9fd7c7e7
Author: Even Rouault 
AuthorDate: Tue Aug 10 12:20:35 2021 +0200

ICUTranscoder::transcodeFrom(): fix read heap-buffer-overflow

Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35373

When charsDecoded == 0, the line ``for (index = 0; index < charsDecoded
- 1; index++)`` will cause a read out of bounds of fSrcOffsets, due to
unsigned integer underflow rules.
---
 src/xercesc/util/Transcoders/ICU/ICUTransService.cpp | 9 -
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/src/xercesc/util/Transcoders/ICU/ICUTransService.cpp 
b/src/xercesc/util/Transcoders/ICU/ICUTransService.cpp
index 7660fca..a7bff4e 100644
--- a/src/xercesc/util/Transcoders/ICU/ICUTransService.cpp
+++ b/src/xercesc/util/Transcoders/ICU/ICUTransService.cpp
@@ -563,7 +563,7 @@ ICUTranscoder::transcodeFrom(const  XMLByte* const  
srcData
 {
 charSizes[0] = (unsigned char)bytesEaten;
 }
-else
+else if( charsDecoded > 0 )
 {
 //  ICU does not return an extra element to allow us to figure
 //  out the last char size, so we have to compute it from the
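
Review bot: Nothing in this change exercises the charsDecoded == 0 case that the new else if( charsDecoded > 0 ) exists for; the diffstat shows one source file and no test. A unit test that calls transcodeFrom() with input that decodes to zero characters, run under AddressSanitizer, would catch a regression of this guard.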
@@ -574,10 +574,9 @@ ICUTranscoder::transcodeFrom(const  XMLByte* const 
 srcData
 charSizes[index] = (unsigned char)(fSrcOffsets[index + 1]
 - fSrcOffsets[index]);
 }
-if( charsDecoded > 0 ) {
-charSizes[charsDecoded - 1] = (unsigned char)(bytesEaten
-  - fSrcOffsets[charsDecoded - 1]);
-}
+
+charSizes[charsDecoded - 1] = (unsigned char)(bytesEaten
+  - fSrcOffsets[charsDecoded - 1]);
 }
 }
 
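
Review bot: The (unsigned char) cast on bytesEaten - fSrcOffsets[charsDecoded - 1] silently truncates any difference above 255, and the same holds for the cast in the loop above it. If the byte length of one character can never reach that value, say so in a comment; otherwise clamp or check before narrowing.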




[jira] [Created] (XERCESC-2217) ICUTranscoder::transcodeFrom buffer overflow

2021-08-23 Thread Roger Leigh (Jira)
Roger Leigh created XERCESC-2217:


 Summary: ICUTranscoder::transcodeFrom buffer overflow
 Key: XERCESC-2217
 URL: https://issues.apache.org/jira/browse/XERCESC-2217
 Project: Xerces-C++
  Issue Type: Bug
Affects Versions: 3.2.3
Reporter: Roger Leigh
Assignee: Roger Leigh


See https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35373

When charsDecoded == 0, the line for (index = 0; index < charsDecoded - 1; 
index++) will cause a read out of bounds of fSrcOffsets, due to unsigned 
integer underflow rules.




--
This message was sent by Atlassian Jira
(v8.3.4#803005)
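
The wrap-around described in this report, as an added C++ example (not the Xerces-C++ source): the same per-character size computation with the loop bound as it stood before the fix and with the guard the fix introduces. It assumes charsDecoded has an unsigned size type, uses std::vector::at() so that the out-of-bounds access surfaces as an exception instead of undefined behaviour, and runs on constructed offsets for the UTF-8 string "aé€".

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <stdexcept>
#include <vector>

// Constructed sample: byte offsets of the three characters of UTF-8 "aé€"
// (1, 2 and 3 bytes long), 6 bytes consumed in total.
static const std::vector<std::uint32_t> kSampleOffsets = {0, 1, 3};
static const std::size_t kSampleBytesEaten = 6;

// The loop bound as written before the fix, evaluated in unsigned arithmetic.
std::size_t unguarded_loop_bound(std::size_t charsDecoded) {
    return charsDecoded - 1;   // 0 - 1 wraps to the largest size_t value
}

// Before: nothing stops the loop from running when charsDecoded == 0.
std::vector<unsigned char> char_sizes_before(const std::vector<std::uint32_t>& srcOffsets,
                                             std::size_t charsDecoded,
                                             std::size_t bytesEaten)
{
    std::vector<unsigned char> charSizes(charsDecoded);
    for (std::size_t index = 0; index < charsDecoded - 1; index++) {
        charSizes.at(index) = static_cast<unsigned char>(
            srcOffsets.at(index + 1) - srcOffsets.at(index));
    }
    if (charsDecoded > 0) {
        charSizes.at(charsDecoded - 1) = static_cast<unsigned char>(
            bytesEaten - srcOffsets.at(charsDecoded - 1));
    }
    return charSizes;
}

// After: the whole computation is skipped unless at least one char was decoded.
std::vector<unsigned char> char_sizes_after(const std::vector<std::uint32_t>& srcOffsets,
                                            std::size_t charsDecoded,
                                            std::size_t bytesEaten)
{
    std::vector<unsigned char> charSizes(charsDecoded);
    if (charsDecoded > 0) {
        for (std::size_t index = 0; index < charsDecoded - 1; index++) {
            charSizes.at(index) = static_cast<unsigned char>(
                srcOffsets.at(index + 1) - srcOffsets.at(index));
        }
        charSizes.at(charsDecoded - 1) = static_cast<unsigned char>(
            bytesEaten - srcOffsets.at(charsDecoded - 1));
    }
    return charSizes;
}

// True when the pre-fix code indexes past the end of its buffers for the
// given count (the offsets buffer is sized to exactly charsDecoded entries).
bool before_reads_out_of_bounds(std::size_t charsDecoded) {
    const std::vector<std::uint32_t> offsets(charsDecoded, 0);
    try { char_sizes_before(offsets, charsDecoded, 0); }
    catch (const std::out_of_range&) { return true; }
    return false;
}

int main() {
    std::printf("loop bound for charsDecoded == 0: %zu\n", unguarded_loop_bound(0));
    std::printf("pre-fix code out of bounds at 0: %s\n",
                before_reads_out_of_bounds(0) ? "yes" : "no");
    for (unsigned char size : char_sizes_after(kSampleOffsets, 3, kSampleBytesEaten))
        std::printf("char size: %u\n", static_cast<unsigned>(size));
    return 0;
}
```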




[GitHub] [xerces-c] rouault opened a new pull request #31: [Backport 3.2] XMLReader constructor: fix memory leak when refreshRawBuffer() throws

2021-08-23 Thread GitBox


rouault opened a new pull request #31:
URL: https://github.com/apache/xerces-c/pull/31


   Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=37529 on GDAL
   
   The backtrace of the exception that caused the memory leak was:
   ```
   Catchpoint 1 (exception thrown), 0x75547672 in __cxa_throw () from 
/lib/x86_64-linux-gnu/libstdc++.so.6
   (gdb) bt
   0  0x75547672 in __cxa_throw () from 
/lib/x86_64-linux-gnu/libstdc++.so.6
   1  0x724447c4 in xercesc_4_0::PosixFileMgr::fileRead 
(this=, f=, byteCount=, 
buffer=, manager=0x556df730)
  at xercesc/util/FileManagers/PosixFileMgr.cpp:160
   2  0x724e6ec2 in xercesc_4_0::XMLReader::refreshRawBuffer 
(this=0x557e49f8) at xercesc/internal/XMLReader.cpp:1891
   3  0x724e70d4 in xercesc_4_0::XMLReader::XMLReader 
(this=0x557e49f8, pubId=, sysId=0x55750920 u"/", 
streamToAdopt=0x5574e838, from=,
  type=xercesc_4_0::XMLReader::Type_General, 
source=xercesc_4_0::XMLReader::Source_External, throwAtEnd=false, 
calculateSrcOfs=false, lowWaterMark=100, 
version=xercesc_4_0::XMLReader::XMLV1_0,
  manager=0x556df730) at xercesc/internal/XMLReader.cpp:130
   4  0x724ced75 in xercesc_4_0::ReaderMgr::createReader 
(this=this@entry=0x557896d8, src=..., 
refFrom=refFrom@entry=xercesc_4_0::XMLReader::RefFrom_NonLiteral,
  type=type@entry=xercesc_4_0::XMLReader::Type_General, 
source=source@entry=xercesc_4_0::XMLReader::Source_External, calcSrcOfs=false, 
lowWaterMark=100) at ./xercesc/sax/InputSource.hpp:314
   5  0x724cb0af in xercesc_4_0::IGXMLScanner::scanReset 
(this=0x55789608, src=...) at xercesc/internal/IGXMLScanner2.cpp:1286
   6  0x724c36e9 in xercesc_4_0::IGXMLScanner::scanDocument 
(this=0x55789608, src=...) at xercesc/internal/IGXMLScanner.cpp:198
   7  0x7250abaf in xercesc_4_0::AbstractDOMParser::parse 
(this=0x7fffc2d0, source=...) at xercesc/parsers/AbstractDOMParser.cpp:545
   8  0x724cbdbe in xercesc_4_0::IGXMLScanner::resolveSchemaGrammar 
(this=0x55792f78, loc=0x557dd694 u"/", uri=0x55737180 u"`", 
ignoreLoadSchema=)
  at xercesc/internal/IGXMLScanner2.cpp:1895
   9  0x724cce7c in xercesc_4_0::IGXMLScanner::parseSchemaLocation 
(this=0x55792f78, schemaLocationStr=, 
ignoreLoadSchema=false) at ./xercesc/framework/XMLBuffer.hpp:171
   10 0x724cd182 in 
xercesc_4_0::IGXMLScanner::scanRawAttrListforNameSpaces 
(this=this@entry=0x55792f78, attCount=attCount@entry=9) at 
xercesc/internal/IGXMLScanner2.cpp:1649
   11 0x724c22cb in xercesc_4_0::IGXMLScanner::scanStartTagNS 
(this=0x55792f78, gotData=@0x7fffc91f: true) at 
xercesc/internal/IGXMLScanner.cpp:2213
   12 0x724c3522 in xercesc_4_0::IGXMLScanner::scanContent 
(this=0x55792f78) at xercesc/internal/IGXMLScanner.cpp:890
   13 0x724c3760 in xercesc_4_0::IGXMLScanner::scanDocument 
(this=0x55792f78, src=...) at xercesc/internal/IGXMLScanner.cpp:217
   14 0x725158e3 in xercesc_4_0::SAX2XMLReaderImpl::parse 
(this=0x55731828, source=...) at xercesc/parsers/SAX2XMLReaderImpl.cpp:409
   ```
   
   Backport of https://github.com/apache/xerces-c/pull/30





[GitHub] [xerces-c] rouault opened a new pull request #30: XMLReader constructor: fix memory leak when refreshRawBuffer() throws

2021-08-23 Thread GitBox


rouault opened a new pull request #30:
URL: https://github.com/apache/xerces-c/pull/30


   Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=37529 on GDAL
   
   The backtrace of the exception that caused the memory leak was:
   ```
   Catchpoint 1 (exception thrown), 0x75547672 in __cxa_throw () from 
/lib/x86_64-linux-gnu/libstdc++.so.6
   (gdb) bt
   0  0x75547672 in __cxa_throw () from 
/lib/x86_64-linux-gnu/libstdc++.so.6
   1  0x724447c4 in xercesc_4_0::PosixFileMgr::fileRead 
(this=, f=, byteCount=, 
buffer=, manager=0x556df730)
  at xercesc/util/FileManagers/PosixFileMgr.cpp:160
   2  0x724e6ec2 in xercesc_4_0::XMLReader::refreshRawBuffer 
(this=0x557e49f8) at xercesc/internal/XMLReader.cpp:1891
   3  0x724e70d4 in xercesc_4_0::XMLReader::XMLReader 
(this=0x557e49f8, pubId=, sysId=0x55750920 u"/", 
streamToAdopt=0x5574e838, from=,
  type=xercesc_4_0::XMLReader::Type_General, 
source=xercesc_4_0::XMLReader::Source_External, throwAtEnd=false, 
calculateSrcOfs=false, lowWaterMark=100, 
version=xercesc_4_0::XMLReader::XMLV1_0,
  manager=0x556df730) at xercesc/internal/XMLReader.cpp:130
   4  0x724ced75 in xercesc_4_0::ReaderMgr::createReader 
(this=this@entry=0x557896d8, src=..., 
refFrom=refFrom@entry=xercesc_4_0::XMLReader::RefFrom_NonLiteral,
  type=type@entry=xercesc_4_0::XMLReader::Type_General, 
source=source@entry=xercesc_4_0::XMLReader::Source_External, calcSrcOfs=false, 
lowWaterMark=100) at ./xercesc/sax/InputSource.hpp:314
   5  0x724cb0af in xercesc_4_0::IGXMLScanner::scanReset 
(this=0x55789608, src=...) at xercesc/internal/IGXMLScanner2.cpp:1286
   6  0x724c36e9 in xercesc_4_0::IGXMLScanner::scanDocument 
(this=0x55789608, src=...) at xercesc/internal/IGXMLScanner.cpp:198
   7  0x7250abaf in xercesc_4_0::AbstractDOMParser::parse 
(this=0x7fffc2d0, source=...) at xercesc/parsers/AbstractDOMParser.cpp:545
   8  0x724cbdbe in xercesc_4_0::IGXMLScanner::resolveSchemaGrammar 
(this=0x55792f78, loc=0x557dd694 u"/", uri=0x55737180 u"`", 
ignoreLoadSchema=)
  at xercesc/internal/IGXMLScanner2.cpp:1895
   9  0x724cce7c in xercesc_4_0::IGXMLScanner::parseSchemaLocation
(this=0x55792f78, schemaLocationStr=, 
ignoreLoadSchema=false) at ./xercesc/framework/XMLBuffer.hpp:171
   10 0x724cd182 in 
xercesc_4_0::IGXMLScanner::scanRawAttrListforNameSpaces 
(this=this@entry=0x55792f78, attCount=attCount@entry=9) at 
xercesc/internal/IGXMLScanner2.cpp:1649
   11 0x724c22cb in xercesc_4_0::IGXMLScanner::scanStartTagNS 
(this=0x55792f78, gotData=@0x7fffc91f: true) at 
xercesc/internal/IGXMLScanner.cpp:2213
   12 0x724c3522 in xercesc_4_0::IGXMLScanner::scanContent 
(this=0x55792f78) at xercesc/internal/IGXMLScanner.cpp:890
   13 0x724c3760 in xercesc_4_0::IGXMLScanner::scanDocument 
(this=0x55792f78, src=...) at xercesc/internal/IGXMLScanner.cpp:217
   14 0x725158e3 in xercesc_4_0::SAX2XMLReaderImpl::parse 
(this=0x55731828, source=...) at xercesc/parsers/SAX2XMLReaderImpl.cpp:409
   ```


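
Frame 3 of the backtrace above shows the exception leaving the XMLReader constructor, and a destructor never runs for an object whose constructor throws, so anything the constructor already owned through raw pointers is lost. The following is an added illustration of that failure mode and two ways to close it; it is not Xerces-C code and not the patch from the pull request, and `Stream`, `LeakyReader`, `CatchReader`, `SafeReader` and `leakedAfterFailedCtor` are hypothetical names.

```cpp
#include <memory>
#include <stdexcept>

static int g_live = 0;  // constructed instrumentation: live Stream objects

struct Stream {  // hypothetical stand-in for the adopted input stream
    bool fail;
    explicit Stream(bool f) : fail(f) { ++g_live; }
    ~Stream() { --g_live; }
    void read() { if (fail) throw std::runtime_error("read failed"); }
};

// Leaky shape: raw owning pointer released only by the destructor.
// When read() throws inside the constructor, ~LeakyReader() never runs.
struct LeakyReader {
    Stream* fStream;
    explicit LeakyReader(Stream* adopt) : fStream(adopt) { fStream->read(); }
    ~LeakyReader() { delete fStream; }
};

// Fix 1: release by hand on the failure path, then rethrow.
struct CatchReader {
    Stream* fStream;
    explicit CatchReader(Stream* adopt) : fStream(adopt) {
        try { fStream->read(); }
        catch (...) { delete fStream; throw; }
    }
    ~CatchReader() { delete fStream; }
};

// Fix 2: an owning member is destroyed during stack unwinding.
struct SafeReader {
    std::unique_ptr<Stream> fStream;
    explicit SafeReader(Stream* adopt) : fStream(adopt) { fStream->read(); }
};

// Number of Stream objects still alive after construction fails.
template <class Reader>
int leakedAfterFailedCtor() {
    g_live = 0;
    Stream* s = new Stream(true);  // constructed input: first read throws
    try { Reader r(s); } catch (const std::runtime_error&) {}
    int leaked = g_live;
    if (leaked) delete s;  // reclaim so the demo itself exits clean
    return leaked;
}

int main() {  // exit status 0 when neither fixed variant leaks
    return leakedAfterFailedCtor<CatchReader>() + leakedAfterFailedCtor<SafeReader>();
}
```

Fuzzers built with a leak detector report this pattern only when the throwing path is actually exercised, so a regression test that forces the read failure is worth keeping alongside the fix.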