[GitHub] [xerces-c] scantor commented on pull request #51: [XERCESC-2241] Fix integer overflows in DFAContentModel class

2022-10-10 Thread GitBox 


scantor commented on PR #51:
URL: https://github.com/apache/xerces-c/pull/51#issuecomment-1273514080

   I applied this to both branches.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org

[GitHub] [xerces-c] scantor commented on pull request #51: [XERCESC-2241] Fix integer overflows in DFAContentModel class

2022-10-06 Thread GitBox 


scantor commented on PR #51:
URL: https://github.com/apache/xerces-c/pull/51#issuecomment-1269983028

   (My only concern re: compatibility was the reference to size_it in the max 
function possibly causing compatibility issues, but I'll take the risk.)


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org

[GitHub] [xerces-c] scantor commented on pull request #51: [XERCESC-2241] Fix integer overflows in DFAContentModel class

2022-10-06 Thread GitBox 


scantor commented on PR #51:
URL: https://github.com/apache/xerces-c/pull/51#issuecomment-1269982071

   @rleigh-codelibre  If you can apply this to master that will make it easier 
for me to cherry-pick back to the branch.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org

[GitHub] [xerces-c] scantor commented on pull request #44: [XERCESC-2233] DFAContentModel::buildDFA(): fix memory leaks when OutOfMemoryException occurs

2022-10-06 Thread GitBox 


scantor commented on PR #44:
URL: https://github.com/apache/xerces-c/pull/44#issuecomment-1269963838

   Given that this is just fixing a memory leak in a case where the process is 
going to die anyway, I'm inclined to leave it out of the branch and this patch 
release. That's not a good enough reason to make a non-trivial change to code I 
don't know at all. Can always revisit later.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org

[GitHub] [xerces-c] scantor commented on pull request #31: XERCESC-2219: [Backport 3.2] XMLReader constructor: fix memory leak when refreshRawBuffer() throws

2022-10-05 Thread GitBox 


scantor commented on PR #31:
URL: https://github.com/apache/xerces-c/pull/31#issuecomment-1268975788

   Indeed, I fully believed that just about any change was inherently unsafe 
because of that, but I must be mistaken.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org

[GitHub] [xerces-c] rleigh-codelibre commented on pull request #31: XERCESC-2219: [Backport 3.2] XMLReader constructor: fix memory leak when refreshRawBuffer() throws

2022-10-05 Thread GitBox 


rleigh-codelibre commented on PR #31:
URL: https://github.com/apache/xerces-c/pull/31#issuecomment-1268971222

   Some searching around shows some examples where the ordinals in core Windows 
DLLs have changed, but it's not broken anything.  This would break on any 
symbol addition of any sort except at the end of the list, and I'm not aware of 
that being a thing.
   
   If you have someone who you can check this with, that's great.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org

[GitHub] [xerces-c] scantor commented on pull request #31: XERCESC-2219: [Backport 3.2] XMLReader constructor: fix memory leak when refreshRawBuffer() throws

2022-10-05 Thread GitBox 


scantor commented on PR #31:
URL: https://github.com/apache/xerces-c/pull/31#issuecomment-1268955305

   It *links* by name but I believe after that point the connection from the 
calling code to the DLL is by ordinal. But I could also be wrong, and I have 
someone I can ask. I don't think it's really worth the time to worry that much 
over since the workaround is pretty simple to ensure the headers don't change 
when we're looking at just a cleanup patch.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org

[GitHub] [xerces-c] rleigh-codelibre commented on pull request #31: XERCESC-2219: [Backport 3.2] XMLReader constructor: fix memory leak when refreshRawBuffer() throws

2022-10-05 Thread GitBox 


rleigh-codelibre commented on PR #31:
URL: https://github.com/apache/xerces-c/pull/31#issuecomment-1268948199

   I thought MSVC linked by name rather than by ordinal when you used 
`__declspec`?  We aren't manually assigning ordinals in a `.def` file, we're 
linking by name, and the ordinals are sequentially assigned, and aren't used 
when linking either at build time or run time?
   
   If you run `dumpbin /EXPORTS` on the .lib and .dll you'll see that the lib 
file has names, the dll has both ordinals and names.  If you run `dumpbin 
/IMPORTS` on any of the exes you'll see that it has both ordinals and names.  
My understanding of this is that the ordinals have to be unique but are 
otherwise a Win16 legacy and aren't used when the names are present--and for 
Xerces-C++ it will be using the names.
   
   I don't think there is an ABI issue here.  However, I'm not a Windows COFF 
expert.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org

[GitHub] [xerces-c] rouault commented on a diff in pull request #51: [XERCESC-2241] Fix integer overflows in DFAContentModel class

2022-10-05 Thread GitBox 


rouault commented on code in PR #51:
URL: https://github.com/apache/xerces-c/pull/51#discussion_r986050269


##
src/xercesc/validators/common/DFAContentModel.cpp:
##
@@ -661,8 +662,15 @@ void DFAContentModel::buildDFA(ContentSpecNode* const 
curNode)
 //  in the fLeafCount member.
 //
 fLeafCount=countLeafNodes(curNode);
+// Avoid integer overflow in below fLeafCount++ increment
+if (fLeafCount > std::numeric_limits::max() - 1)
+throw OutOfMemoryException();
 fEOCPos = fLeafCount++;
 
+// Avoid integer overflow in below memory allocatoin
+if (fLeafCount > std::numeric_limits::max() / sizeof(CMLeaf*))

Review Comment:
   ah sorry for some reason I read your sentence as "would it be possible to 
*avoid* the division"... Brackets added



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org

[GitHub] [xerces-c] rleigh-codelibre commented on a diff in pull request #51: [XERCESC-2241] Fix integer overflows in DFAContentModel class

2022-10-05 Thread GitBox 


rleigh-codelibre commented on code in PR #51:
URL: https://github.com/apache/xerces-c/pull/51#discussion_r986046406


##
src/xercesc/validators/common/DFAContentModel.cpp:
##
@@ -661,8 +662,15 @@ void DFAContentModel::buildDFA(ContentSpecNode* const 
curNode)
 //  in the fLeafCount member.
 //
 fLeafCount=countLeafNodes(curNode);
+// Avoid integer overflow in below fLeafCount++ increment
+if (fLeafCount > std::numeric_limits::max() - 1)
+throw OutOfMemoryException();
 fEOCPos = fLeafCount++;
 
+// Avoid integer overflow in below memory allocatoin
+if (fLeafCount > std::numeric_limits::max() / sizeof(CMLeaf*))

Review Comment:
   I just meant `fLeafCount > (std::numeric_limits::max() / 
sizeof(CMLeaf*))` so that the operator precedence is explicit (and the same for 
below).



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org

[GitHub] [xerces-c] rleigh-codelibre commented on a diff in pull request #51: [XERCESC-2241] Fix integer overflows in DFAContentModel class

2022-10-05 Thread GitBox 


rleigh-codelibre commented on code in PR #51:
URL: https://github.com/apache/xerces-c/pull/51#discussion_r986030234


##
src/xercesc/validators/common/DFAContentModel.cpp:
##
@@ -661,8 +662,15 @@ void DFAContentModel::buildDFA(ContentSpecNode* const 
curNode)
 //  in the fLeafCount member.
 //
 fLeafCount=countLeafNodes(curNode);
+// Avoid integer overflow in below fLeafCount++ increment
+if (fLeafCount > std::numeric_limits::max() - 1)

Review Comment:
   Should this be `XMLSize_t` (a.k.a. `size_t`) rather than `unsigned int` to 
match the type of `fLeafCount`?



##
src/xercesc/validators/common/DFAContentModel.cpp:
##
@@ -661,8 +662,15 @@ void DFAContentModel::buildDFA(ContentSpecNode* const 
curNode)
 //  in the fLeafCount member.
 //
 fLeafCount=countLeafNodes(curNode);
+// Avoid integer overflow in below fLeafCount++ increment
+if (fLeafCount > std::numeric_limits::max() - 1)
+throw OutOfMemoryException();
 fEOCPos = fLeafCount++;
 
+// Avoid integer overflow in below memory allocatoin

Review Comment:
   typo: allocation
   
   



##
src/xercesc/validators/common/DFAContentModel.cpp:
##
@@ -1364,14 +1372,27 @@ unsigned int 
DFAContentModel::countLeafNodes(ContentSpecNode* const curNode)
 if(nLoopCount!=0)
 {
 count += countLeafNodes(cursor);
-for(unsigned int i=0;i std::numeric_limits::max() / 
nLoopCount)

Review Comment:
   In all of the following changes, just want to check as above that the limit 
check should use `XMLSize_t` rather than `unsigned int`?
   
   And would it also be possible to put brackets around all expressions being 
compared for clarity?



##
src/xercesc/validators/common/DFAContentModel.cpp:
##
@@ -661,8 +662,15 @@ void DFAContentModel::buildDFA(ContentSpecNode* const 
curNode)
 //  in the fLeafCount member.
 //
 fLeafCount=countLeafNodes(curNode);
+// Avoid integer overflow in below fLeafCount++ increment
+if (fLeafCount > std::numeric_limits::max() - 1)
+throw OutOfMemoryException();
 fEOCPos = fLeafCount++;
 
+// Avoid integer overflow in below memory allocatoin
+if (fLeafCount > std::numeric_limits::max() / sizeof(CMLeaf*))

Review Comment:
   Should this also be `XMLSize_t`?
   
   Would it be possible to add brackets around the division for clarity?



##
src/xercesc/validators/common/DFAContentModel.cpp:
##
@@ -661,8 +662,15 @@ void DFAContentModel::buildDFA(ContentSpecNode* const 
curNode)
 //  in the fLeafCount member.
 //
 fLeafCount=countLeafNodes(curNode);
+// Avoid integer overflow in below fLeafCount++ increment
+if (fLeafCount > std::numeric_limits::max() - 1)

Review Comment:
   Oops, I was looking at the wrong definition in 
src/xercesc/validators/common/ContentLeafNameTypeVector.hpp when I was scanning 
over the `git grep` output.  In that case, that all looks fine!



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org

[GitHub] [xerces-c] rouault commented on a diff in pull request #51: [XERCESC-2241] Fix integer overflows in DFAContentModel class

2022-10-05 Thread GitBox 


rouault commented on code in PR #51:
URL: https://github.com/apache/xerces-c/pull/51#discussion_r986039665


##
src/xercesc/validators/common/DFAContentModel.cpp:
##
@@ -661,8 +662,15 @@ void DFAContentModel::buildDFA(ContentSpecNode* const 
curNode)
 //  in the fLeafCount member.
 //
 fLeafCount=countLeafNodes(curNode);
+// Avoid integer overflow in below fLeafCount++ increment
+if (fLeafCount > std::numeric_limits::max() - 1)

Review Comment:
   fLeafCount is actually declared as unsigned int at line 236 of 
DFAContentModel.hpp (which is already much bigger than what is reasonable in 
practice :-))



##
src/xercesc/validators/common/DFAContentModel.cpp:
##
@@ -661,8 +662,15 @@ void DFAContentModel::buildDFA(ContentSpecNode* const 
curNode)
 //  in the fLeafCount member.
 //
 fLeafCount=countLeafNodes(curNode);
+// Avoid integer overflow in below fLeafCount++ increment
+if (fLeafCount > std::numeric_limits::max() - 1)
+throw OutOfMemoryException();
 fEOCPos = fLeafCount++;
 
+// Avoid integer overflow in below memory allocatoin
+if (fLeafCount > std::numeric_limits::max() / sizeof(CMLeaf*))

Review Comment:
   > Would it be possible to add brackets around the division for clarity?
   
   this is the best way I can think of that doesn't rely on doing overflow 
arithmetic... As it is unsigned type, we could do overflow arithmetic as it is 
well defined in C/C++, but I tend to fuzz software with 
-fsanitize=unsigned-integer-overflow because in practice > 90% unsigned 
overflows that occur are actually bugs



##
src/xercesc/validators/common/DFAContentModel.cpp:
##
@@ -661,8 +662,15 @@ void DFAContentModel::buildDFA(ContentSpecNode* const 
curNode)
 //  in the fLeafCount member.
 //
 fLeafCount=countLeafNodes(curNode);
+// Avoid integer overflow in below fLeafCount++ increment
+if (fLeafCount > std::numeric_limits::max() - 1)
+throw OutOfMemoryException();
 fEOCPos = fLeafCount++;
 
+// Avoid integer overflow in below memory allocatoin

Review Comment:
   fixed



##
src/xercesc/validators/common/DFAContentModel.cpp:
##
@@ -1364,14 +1372,27 @@ unsigned int 
DFAContentModel::countLeafNodes(ContentSpecNode* const curNode)
 if(nLoopCount!=0)
 {
 count += countLeafNodes(cursor);
-for(unsigned int i=0;i std::numeric_limits::max() / 
nLoopCount)

Review Comment:
   cf above comments regarding data type
   
   brackets added



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org

[GitHub] [xerces-c] rouault commented on pull request #51: [XERCESC-2241] Fix integer overflows in DFAContentModel class

2022-10-05 Thread GitBox 


rouault commented on PR #51:
URL: https://github.com/apache/xerces-c/pull/51#issuecomment-1265749924

   CC @rleigh-codelibre  This should be relatively safe to apply


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org

[GitHub] [xerces-c] rouault opened a new pull request, #51: [XERCESC-2241] Fix integer overflows in DFAContentModel class

2022-10-05 Thread GitBox 


rouault opened a new pull request, #51:
URL: https://github.com/apache/xerces-c/pull/51

   On .xsd files like the following ones (generated by ossfuzz, so broken), 
integer overflows can happen in DFAContentModel::countLeafNodes() and 
DFAContentModel::buildDFA() which can later cause out-of-bounds access.
   
   Found in https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=52025
   
   ```
   http://www.w3.org/2001/XMLSchema;
  xmlns:myns="http://myns;
  targetNamespace="http://myns;
  elementFormDefault="qualified" attributeFormDefault="unqualified">
   
   
 

   
 
 
   
   
   
 
 
 
   
   
ame="x" type="xs:int" maxOccurs="1"/>
   
   
 
 
   
   
   
   ```


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org

[GitHub] [xerces-c] scantor commented on pull request #50: autotools: Add ws2_32 library for Windows platform

2022-05-31 Thread GitBox 


scantor commented on PR #50:
URL: https://github.com/apache/xerces-c/pull/50#issuecomment-1142026862

   To report issues or submit patches, please use the proper channel, see 
https://issues.apache.org/jira/


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org

[GitHub] [xerces-c] Biswa96 opened a new pull request, #50: autotools: Add ws2_32 library for Windows platform

2022-05-28 Thread GitBox 


Biswa96 opened a new pull request, #50:
URL: https://github.com/apache/xerces-c/pull/50

   This fixes the following linking error:
   
   ```
   ld.exe: ../src/.libs/libxerces-c.a(CurlURLInputStream.o): in function 
'xercesc_4_0::CurlURLInputStream::readMore(int*)':
   src/xercesc/util/NetAccessors/Curl/CurlURLInputStream.cpp:370: undefined 
reference to '__imp_select'
   ```
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org

[GitHub] [xerces-c] iguessthislldo opened a new pull request, #49: Mark Xerces Dependencies as `PRIVATE` in CMake

2022-05-17 Thread GitBox 


iguessthislldo opened a new pull request, #49:
URL: https://github.com/apache/xerces-c/pull/49

   Fixes https://issues.apache.org/jira/browse/XERCESC-2236, where trying to 
use the generated CMake config package doesn't work because the dependencies 
are not loaded using `find_package` in the config package. This change assumes 
they're not necessary for users of the library and marks them as `PRIVATE` so 
they don't end up in the config package in the first place.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org

[GitHub] [xerces-c] scantor commented on pull request #47: [XERCESC-2188] Fix potential double-free in usage of ReaderMgr::pushReader()

2022-05-17 Thread GitBox 


scantor commented on PR #47:
URL: https://github.com/apache/xerces-c/pull/47#issuecomment-1128832049

   No, and no, I have no expectation of any releases. If a security issue that 
actually affects my code comes up I would probably apply this and bumping to 
3.3. This cannot be part of a patch to 3.2, as I said.
   
   This project needs active committers that have the time allocated to work on 
it. Until it gets some, it's going to stay moribund. If you need this fix, I 
would definitely suggest that you consider becoming one or find somebody else 
who is able to. If that happens, I am willing to help that person or persons 
get through the release process.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org

[GitHub] [xerces-c] rleigh-codelibre merged pull request #45: [XERCESC-2235] DFAContentModel::buildDFA(): correctly zero-initialize fFollowList

2022-03-12 Thread GitBox 


rleigh-codelibre merged pull request #45:
URL: https://github.com/apache/xerces-c/pull/45


   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org

[GitHub] [xerces-c] rleigh-codelibre commented on pull request #45: [XERCESC-2235] DFAContentModel::buildDFA(): correctly zero-initialize fFollowList

2022-03-12 Thread GitBox 


rleigh-codelibre commented on pull request #45:
URL: https://github.com/apache/xerces-c/pull/45#issuecomment-1065923208


   Yes, this looks fine to me.  Thanks.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org

[GitHub] [xerces-c] rouault commented on pull request #45: [XERCESC-2235] DFAContentModel::buildDFA(): correctly zero-initialize fFollowList

2022-03-10 Thread GitBox 


rouault commented on pull request #45:
URL: https://github.com/apache/xerces-c/pull/45#issuecomment-1063792952


   @rleigh-codelibre would you mind merging ? This is a trivial bug fix.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org

[GitHub] [xerces-c] swarajsomala commented on pull request #48: Tagging 3.2.3

2022-02-25 Thread GitBox 


swarajsomala commented on pull request #48:
URL: https://github.com/apache/xerces-c/pull/48#issuecomment-1050727671


   I found the relevant ticket in 
JIRA(https://issues.apache.org/jira/browse/XERCESC-2196). So closing this issue.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org

[GitHub] [xerces-c] swarajsomala closed pull request #48: Tagging 3.2.3

2022-02-25 Thread GitBox 


swarajsomala closed pull request #48:
URL: https://github.com/apache/xerces-c/pull/48


   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org

[GitHub] [xerces-c] swarajsomala opened a new pull request #48: Tagging 3.2.3

2022-02-24 Thread GitBox 


swarajsomala opened a new pull request #48:
URL: https://github.com/apache/xerces-c/pull/48


   Hello There,
   
   I am facing one issue while integrating the xerces-c-3.2.3 into yocto 
environment. I can't see Issues tab to explain the problem , So I am creating 
this PR.I created one `xerces-c_3.2.3.bb`.
   
   xerces-c_3.2.3.bb
   ```
   
   HOMEPAGE = "http://xerces.apache.org/xerces-c/;
   SECTION =  "libs"
   LICENSE = "Apache-2.0"
   LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57"
   
   SRC_URI = "http://archive.apache.org/dist/xerces/c/3/sources/${BP}.tar.bz2;
   SRC_URI[sha256sum] = 
"45c2329e684405f2b8854ecbddfb8d5b055cdf0fe4d35736cc352c504989bbb6"
   
   inherit autotools
   
   PACKAGECONFIG ??= "curl icu"
   PACKAGECONFIG[curl] = 
"--with-curl=${STAGING_DIR_TARGET}${prefix},--with-curl=no,curl"
   PACKAGECONFIG[icu] = 
"--with-icu=${STAGING_DIR_TARGET}${prefix},--with-icu=no,icu"
   
   do_install_prepend () {
   sed -i -e 's:-L${STAGING_DIR}/lib:-L\$\{libdir\}:g' ${B}/xerces-c.pc
   }
   
   PACKAGES = "libxerces-c \
   libxerces-c-dev \
   xerces-c-samples \
   libxerces-c-staticdev \
   ${PN}-dbg \
   "
   
   RPROVIDES_${PN}-dbg += "libxerces-c-dbg xerces-c-samples-dbg"
   
   FILES_libxerces-c = "${libdir}/libxerces-c-3.1.so"
   FILES_libxerces-c-dev = "${libdir}/lib*.la \
   ${libdir}/libxerces-c.so \
   ${libdir}/pkgconfig/xerces-c.pc \
   ${includedir}/xercesc \
   "
   FILES_xerces-c-samples = "${bindir}/*"
   FILES_libxerces-c-staticdev = "${libdir}/lib*.a"
   
   BBCLASSEXTEND = "native"
   ```
   
   After running the `bitbake xerces-c` command, I am getting the below error 
in `do_configure` stage:
   `"cannot run test program while cross compiling See config.log for more 
details"`
   
   I tried xerces-c-3.1.4 and its working fine, but I want to use the latest 
library.Is there anything I am missing in the bb file?
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org

[GitHub] [xerces-c] scantor commented on pull request #47: [XERCESC-2188] Fix potential double-free in usage of ReaderMgr::pushReader()

2022-02-02 Thread GitBox 


scantor commented on pull request #47:
URL: https://github.com/apache/xerces-c/pull/47#issuecomment-1028196255


   I looked at the fix last night at least in cursory fashion. It can't be 
backported to 3.2 because it's an API and therefore ABI change. Given some 
method defaulting it could probably be a 3.3 since it would be 
backwardly-compatible.
   
   As with you, I have absolutely no idea if the fix is either sufficient or 
doesn't break anything. I don't really care for my own purposes so would defer 
to others on whether to accept the patch given that lack of insight into its 
correctness.
   
   As for doing a release, not really, no. It would be very unlikely for me to 
find any time to do so until some time later this year, possibly in the Spring. 
And I can't promise that.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org

[GitHub] [xerces-c] rleigh-codelibre commented on pull request #47: [XERCESC-2188] Fix potential double-free in usage of ReaderMgr::pushReader()

2022-02-02 Thread GitBox 


rleigh-codelibre commented on pull request #47:
URL: https://github.com/apache/xerces-c/pull/47#issuecomment-1028191103


   I am not sufficiently familiar with this part of the codebase to review it 
meaningfully, but the changes look good and the unit tests are passing and not 
reporting any leaks, so I think merging this should be fairly risk-free.
   
   Regarding making a new release, all of the recent bugfixes will need 
backporting to the 3.2 branch if we want to have a new 3.2 point release with 
all of these changes included. There are quite a few to backport thanks to all 
the work done recently, primarily by @rouault. @scantor Would you be able to 
make the release? I can probably find some time to do the backporting, unless 
you want to do this.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org

[GitHub] [xerces-c] rleigh-lumiradx removed a comment on pull request #47: [XERCESC-2188] Fix potential double-free in usage of ReaderMgr::pushReader()

2022-02-02 Thread GitBox 


rleigh-lumiradx removed a comment on pull request #47:
URL: https://github.com/apache/xerces-c/pull/47#issuecomment-1028188261


   I am not sufficiently familiar with this part of the codebase to review it 
meaningfully, but the changes look good and the unit tests are passing and not 
reporting any leaks, so I think merging this should be fairly risk-free.
   
   Regarding making a new release, all of the recent bugfixes will need 
backporting to the 3.2 branch if we want to have a new 3.2 point release with 
all of these changes included.  There are quite a few to backport thanks to all 
the work done recently, primarily by @rouault.  @scantor Would you be able to 
make the release?  I can probably find some time to do the backporting, unless 
you want to do this.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org

[GitHub] [xerces-c] rleigh-lumiradx commented on pull request #47: [XERCESC-2188] Fix potential double-free in usage of ReaderMgr::pushReader()

2022-02-02 Thread GitBox 


rleigh-lumiradx commented on pull request #47:
URL: https://github.com/apache/xerces-c/pull/47#issuecomment-1028188261


   I am not sufficiently familiar with this part of the codebase to review it 
meaningfully, but the changes look good and the unit tests are passing and not 
reporting any leaks, so I think merging this should be fairly risk-free.
   
   Regarding making a new release, all of the recent bugfixes will need 
backporting to the 3.2 branch if we want to have a new 3.2 point release with 
all of these changes included.  There are quite a few to backport thanks to all 
the work done recently, primarily by @rouault.  @scantor Would you be able to 
make the release?  I can probably find some time to do the backporting, unless 
you want to do this.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org

[GitHub] [xerces-c] scantor commented on pull request #47: [XERCESC-2188] Fix potential double-free in usage of ReaderMgr::pushReader()

2022-02-01 Thread GitBox 


scantor commented on pull request #47:
URL: https://github.com/apache/xerces-c/pull/47#issuecomment-1027462800


   Since you addressed me personally, I can simply reiterate as I have in Jira 
(which is where this proposal should be, this is not a GitHub project) that I 
don't have any exposure to, and thus no source of resources with which to work 
on, anything in the DTD code unless it's a trivial fix that doesn't change the 
ABI and I'm already doing some other work on the code.
   
   Nothing else has arisen with the code that necessitated a release for my 
project, so there hasn't been any opportunity for me to look at anything else.
   
   I am not stopping anybody else from doing the work, and nobody is stopping 
others from joining the project as committers, which is certainly needed for 
obvious reasons.
   
   One issue that's perhaps less obvious is that a fix that requires a 4.0 rev 
may not get uptake by the few distributors of the current version. I imagine 
that's why Red Hat took the approach they took with it and just made it leak 
memory instead. Perhaps that's the best option in the end after all. I really 
have not looked at the issue at all in any depth to understand the trade-offs 
or possible fixes.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org

[GitHub] [xerces-c] theta682 commented on pull request #47: [XERCESC-2188] Fix potential double-free in usage of ReaderMgr::pushReader()

2022-02-01 Thread GitBox 


theta682 commented on pull request #47:
URL: https://github.com/apache/xerces-c/pull/47#issuecomment-1027379163


   @scantor this vulnerability was reported almost 4 years ago. It has to be 
finally fixed.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org

[GitHub] [xerces-c] theta682 commented on pull request #47: [XERCESC-2188] Fix potential double-free in usage of ReaderMgr::pushReader()

2022-02-01 Thread GitBox 


theta682 commented on pull request #47:
URL: https://github.com/apache/xerces-c/pull/47#issuecomment-1027376814


   @rleigh-codelibre can you merge this PR and make a new release?


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org

[GitHub] [xerces-c] rouault commented on pull request #47: [XERCESC-2188] Fix potential double-free in usage of ReaderMgr::pushReader()

2022-02-01 Thread GitBox 


rouault commented on pull request #47:
URL: https://github.com/apache/xerces-c/pull/47#issuecomment-1026885985


   > So just to confirm there is nothing you need me to do to get this fix in 
the code base?
   
   no, we just need someone with commit rights in this repository to review & 
merge it


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org

[GitHub] [xerces-c] johnjamesmccann commented on pull request #47: [XERCESC-2188] Fix potential double-free in usage of ReaderMgr::pushReader()

2022-02-01 Thread GitBox 


johnjamesmccann commented on pull request #47:
URL: https://github.com/apache/xerces-c/pull/47#issuecomment-1026877695


   So just to confirm there is nothing you need me to do to get this fix in the 
code base?
   
   From: Even Rouault ***@***.***>
   Sent: 01 February 2022 14:02
   To: apache/xerces-c ***@***.***>
   Cc: McCann, John (DI SW PE OT IO PP) ***@***.***>; Mention ***@***.***>
   Subject: Re: [apache/xerces-c] [XERCESC-2188] Fix potential double-free in 
usage of ReaderMgr::pushReader() (PR #47)
   
   
   or has it been added in your fork which is later than mine?
   
   yes
   
   —
   Reply to this email directly, view it on 
GitHub, or 
unsubscribe.
   Triage notifications on the go with GitHub Mobile for 
iOS
 or 
Android.
   You are receiving this because you were mentioned.Message ID: ***@***.***>
   
   -
   Siemens Industry Software Limited is a limited company registered in England 
and Wales.
   Registered number: 3476850.
   Registered office: Pinehurst 2, Pinehurst Road, Farnborough, Hampshire, GU14 
7BF.
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org

[GitHub] [xerces-c] rouault commented on pull request #47: [XERCESC-2188] Fix potential double-free in usage of ReaderMgr::pushReader()

2022-02-01 Thread GitBox 


rouault commented on pull request #47:
URL: https://github.com/apache/xerces-c/pull/47#issuecomment-1026875277


   > or has it been added in your fork which is later than mine?
   
   yes


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org

[GitHub] [xerces-c] johnjamesmccann commented on pull request #47: [XERCESC-2188] Fix potential double-free in usage of ReaderMgr::pushReader()

2022-02-01 Thread GitBox 


johnjamesmccann commented on pull request #47:
URL: https://github.com/apache/xerces-c/pull/47#issuecomment-1026872614


   Ah yes I can see that now, thanks for picking up on that. Do I need to add 
that change to my fork or has it been added in your fork which is later than 
mine?
   
   Thanks and kind regards
   
   John
   
   From: Even Rouault ***@***.***>
   Sent: 25 January 2022 14:15
   To: apache/xerces-c ***@***.***>
   Cc: McCann, John (DI SW PE OT IO PP) ***@***.***>; Mention ***@***.***>
   Subject: Re: [apache/xerces-c] [XERCESC-2188] Fix potential double-free in 
usage of ReaderMgr::pushReader() (PR #47)
   
   
   I cant see how my changes could cause a test regression, all my change does 
is delete 4 smart pointers that are not used in the code base.
   
   yes, but that causes a memory leak since nobody would take care of freeing 
the declDTD object. Hence my extra changes
   
   —
   Reply to this email directly, view it on 
GitHub, or 
unsubscribe.
   Triage notifications on the go with GitHub Mobile for 
iOS
 or 
Android.
   You are receiving this because you were mentioned.Message ID: 
***@***.**@***.***>>
   
   -
   Siemens Industry Software Limited is a limited company registered in England 
and Wales.
   Registered number: 3476850.
   Registered office: Pinehurst 2, Pinehurst Road, Farnborough, Hampshire, GU14 
7BF.
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org

[GitHub] [xerces-c] theta682 commented on a change in pull request #47: [XERCESC-2188] Fix potential double-free in usage of ReaderMgr::pushReader()

2022-01-25 Thread GitBox 


theta682 commented on a change in pull request #47:
URL: https://github.com/apache/xerces-c/pull/47#discussion_r792337283



##
File path: src/xercesc/internal/ReaderMgr.cpp
##
@@ -72,8 +72,9 @@ ReaderMgr::~ReaderMgr()
 //  entities it still references!)
 //
 delete fCurReader;
+if (fOwnEntity)
+delete fCurEntity;

Review comment:
   `delete` checks for `nullptr`
   ```suggestion
   delete fCurEntity;
   ```




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org

[GitHub] [xerces-c] johnjamesmccann commented on pull request #47: [XERCESC-2188] Fix potential double-free in usage of ReaderMgr::pushReader()

2022-01-25 Thread GitBox 


johnjamesmccann commented on pull request #47:
URL: https://github.com/apache/xerces-c/pull/47#issuecomment-1021204613


   Hi Rouault,
   
   I cant see how my changes could cause a test regression, all my change does 
is delete 4 smart pointers that are not used in the code base.
   
   Kind regards
   
   John
   
   From: Even Rouault ***@***.***>
   Sent: 23 January 2022 15:34
   To: apache/xerces-c ***@***.***>
   Cc: McCann, John (DI SW PE OT IO PP) ***@***.***>; Mention ***@***.***>
   Subject: Re: [apache/xerces-c] [XERCESC-2188] Fix potential double-free in 
usage of ReaderMgr::pushReader() (PR #47)
   
   
   Seeing now 
https://issues.apache.org/jira/projects/XERCESC/issues/XERCESC-2188 , I see my 
approach is close to a suggestion of 
https://issues.apache.org/jira/browse/XERCESC-2188?focusedCommentId=17055399=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-17055399
   
   —
   Reply to this email directly, view it on 
GitHub, or 
unsubscribe.
   Triage notifications on the go with GitHub Mobile for 
iOS
 or 
Android.
   You are receiving this because you were mentioned.Message ID: 
***@***.**@***.***>>
   
   -
   Siemens Industry Software Limited is a limited company registered in England 
and Wales.
   Registered number: 3476850.
   Registered office: Pinehurst 2, Pinehurst Road, Farnborough, Hampshire, GU14 
7BF.
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org

[GitHub] [xerces-c] rouault commented on pull request #47: [XERCESC-2188] Fix potential double-free in usage of ReaderMgr::pushReader()

2022-01-25 Thread GitBox 


rouault commented on pull request #47:
URL: https://github.com/apache/xerces-c/pull/47#issuecomment-1021224266


   > I cant see how my changes could cause a test regression, all my change 
does is delete 4 smart pointers that are not used in the code base.
   
   yes, but that causes a memory leak since nobody would take care of freeing 
the declDTD object. Hence my extra changes


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org

[GitHub] [xerces-c] rouault commented on pull request #47: [XERCESC-2188] Fix potential double-free in usage of ReaderMgr::pushReader()

2022-01-25 Thread GitBox 


rouault commented on pull request #47:
URL: https://github.com/apache/xerces-c/pull/47#issuecomment-1021224266


   > I cant see how my changes could cause a test regression, all my change 
does is delete 4 smart pointers that are not used in the code base.
   
   yes, but that causes a memory leak since nobody would take care of freeing 
the declDTD object. Hence my extra changes


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org

[GitHub] [xerces-c] johnjamesmccann commented on pull request #47: [XERCESC-2188] Fix potential double-free in usage of ReaderMgr::pushReader()

2022-01-25 Thread GitBox 


johnjamesmccann commented on pull request #47:
URL: https://github.com/apache/xerces-c/pull/47#issuecomment-1021204613


   Hi Rouault,
   
   I cant see how my changes could cause a test regression, all my change does 
is delete 4 smart pointers that are not used in the code base.
   
   Kind regards
   
   John
   
   From: Even Rouault ***@***.***>
   Sent: 23 January 2022 15:34
   To: apache/xerces-c ***@***.***>
   Cc: McCann, John (DI SW PE OT IO PP) ***@***.***>; Mention ***@***.***>
   Subject: Re: [apache/xerces-c] [XERCESC-2188] Fix potential double-free in 
usage of ReaderMgr::pushReader() (PR #47)
   
   
   Seeing now 
https://issues.apache.org/jira/projects/XERCESC/issues/XERCESC-2188 , I see my 
approach is close to a suggestion of 
https://issues.apache.org/jira/browse/XERCESC-2188?focusedCommentId=17055399=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-17055399
   
   —
   Reply to this email directly, view it on 
GitHub, or 
unsubscribe.
   Triage notifications on the go with GitHub Mobile for 
iOS
 or 
Android.
   You are receiving this because you were mentioned.Message ID: 
***@***.**@***.***>>
   
   -
   Siemens Industry Software Limited is a limited company registered in England 
and Wales.
   Registered number: 3476850.
   Registered office: Pinehurst 2, Pinehurst Road, Farnborough, Hampshire, GU14 
7BF.
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org

[GitHub] [xerces-c] johnjamesmccann commented on pull request #46: DTD hot fix

2022-01-24 Thread GitBox 


johnjamesmccann commented on pull request #46:
URL: https://github.com/apache/xerces-c/pull/46#issuecomment-1020038900


   Hello Roger,
   
   Is everything ok with my proposed changes?
   
   Kind regards
   
   John
   
   From: Roger Leigh ***@***.***>
   Sent: 23 January 2022 08:27
   To: apache/xerces-c ***@***.***>
   Cc: McCann, John (DI SW PE OT IO PP) ***@***.***>; Mention ***@***.***>
   Subject: Re: [apache/xerces-c] DTD hot fix (PR #46)
   
   
   @rouault Did this problem surface with any of 
your recent work identifying memory bugs? Do you have any thoughts on the 
change being proposed and the test failure?
   
   —
   Reply to this email directly, view it on 
GitHub, or 
unsubscribe.
   Triage notifications on the go with GitHub Mobile for 
iOS
 or 
Android.
   You are receiving this because you were mentioned.Message ID: 
***@***.**@***.***>>
   
   -
   Siemens Industry Software Limited is a limited company registered in England 
and Wales.
   Registered number: 3476850.
   Registered office: Pinehurst 2, Pinehurst Road, Farnborough, Hampshire, GU14 
7BF.
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org

[GitHub] [xerces-c] rouault commented on pull request #47: [XERCESC-2188] Fix potential double-free in usage of ReaderMgr::pushReader()

2022-01-23 Thread GitBox 


rouault commented on pull request #47:
URL: https://github.com/apache/xerces-c/pull/47#issuecomment-1019508927


   Seeing now 
https://issues.apache.org/jira/projects/XERCESC/issues/XERCESC-2188 , I see my 
approach is close to a suggestion of 
https://issues.apache.org/jira/browse/XERCESC-2188?focusedCommentId=17055399=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-17055399


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org

[GitHub] [xerces-c] rouault commented on pull request #46: DTD hot fix

2022-01-23 Thread GitBox 


rouault commented on pull request #46:
URL: https://github.com/apache/xerces-c/pull/46#issuecomment-1019508643


   > @rouault Did this problem surface with any of your recent work identifying 
memory bugs? Do you have any thoughts on the change being proposed and the test 
failure?
   
   No, I'm not familiar with that part of the code. I've substantially enhanced 
this PR in https://github.com/apache/xerces-c/pull/47.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org

[GitHub] [xerces-c] rouault opened a new pull request #47: [XERCESC-2188] Fix potential double-free in usage of ReaderMgr::pushReader()

2022-01-23 Thread GitBox 


rouault opened a new pull request #47:
URL: https://github.com/apache/xerces-c/pull/47


   The fix consists in adding a new argument to pushReader() to specify if
   ReaderMgr must own the passed entity, and adapt callers to specify the
   right value of this ownership flag depending on the calling context.
   
   SPDX-FileCopyrightText: Portions Copyright 2021 Siemens
   Modified on 15-Jul-2021 by Siemens and/or its affiliates to fix 
CVE-2018-1311: Apache Xerces-C use-after-free vulnerability scanning external 
DTD. Copyright 2021 Siemens.
   
   Co-authored-by: Even Rouault 
   
   Supersedes https://github.com/apache/xerces-c/pull/46 (avoids the memory 
leak in the unit tests)
   @johnjamesmccann  Do you have access to a reproducer to confirm it fixes the 
issue ? I couldn't easily find a reproducer 


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org

[GitHub] [xerces-c] rleigh-codelibre commented on pull request #46: DTD hot fix

2022-01-23 Thread GitBox 


rleigh-codelibre commented on pull request #46:
URL: https://github.com/apache/xerces-c/pull/46#issuecomment-1019437334


   @rouault Did this problem surface with any of your recent work identifying 
memory bugs?  Do you have any thoughts on the change being proposed and the 
test failure?


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org

[GitHub] [xerces-c] rleigh-codelibre commented on pull request #46: DTD hot fix

2022-01-23 Thread GitBox 


rleigh-codelibre commented on pull request #46:
URL: https://github.com/apache/xerces-c/pull/46#issuecomment-1019436958


   There is also a unit test failure, which needs investigation.  If there 
isn't a logic error in the PR, the corresponding unit tests might need updating 
to match.
   
   ```
   33: Test command: /usr/local/cmake-3.12.4/bin/cmake "-DNAME=MemHandlerTest1" 
"-DPROGRAM=/home/travis/build/apache/xerces-c/cmake-build/tests/MemHandlerTest" 
"-DARGS=-v=always;-n;-r=2;personal.xml" 
"-DLIBXERCES_C=/home/travis/build/apache/xerces-c/cmake-build/src/libxerces-c-4.0.so"
 "-DWORKDIR=/home/travis/build/apache/xerces-c/samples/data" "-DSTDIN=" 
"-DEXPECT_FAIL=FALSE" 
"-DOBSERVED_DIR=/home/travis/build/apache/xerces-c/cmake-build/tests/observed" 
"-DEXPECTED_DIR=/home/travis/build/apache/xerces-c/tests/expected" 
"-DDIFF=/usr/bin/diff" 
"-DNLS_HOME=/home/travis/build/apache/xerces-c/cmake-build/src" "-P" 
"/home/travis/build/apache/xerces-c/cmake/RunTest.cmake"
   33: Test timeout computed to be: 1000
   33: -- Running 
/home/travis/build/apache/xerces-c/cmake-build/tests/MemHandlerTest -v=always 
-n -r=2 personal.xml
   33: --- 
/home/travis/build/apache/xerces-c/cmake-build/tests/observed/MemHandlerTest1-exp.log
2022-01-21 15:42:13.453749473 +
   33: +++ 
/home/travis/build/apache/xerces-c/cmake-build/tests/observed/MemHandlerTest1.log
2022-01-21 15:42:13.449749191 +
   33: @@ -1,4 +1,4 @@
   33: -At destruction, domBuilderMemMonitor has 0 bytes.
   33: -At destruction, sax2MemMonitor has 0 bytes.
   33: -At destruction, sax1MemMonitor has 0 bytes.
   33: +At destruction, domBuilderMemMonitor has 276 bytes.
   33: +At destruction, sax2MemMonitor has 276 bytes.
   33: +At destruction, sax1MemMonitor has 276 bytes.
   33:  At destruction, staticMemMonitor has 0 bytes.
   33: CMake Error at /home/travis/build/apache/xerces-c/cmake/RunTest.cmake:71 
(message):
   33:   Observed output does not match expected output
   33: Call Stack (most recent call first):
   33:   /home/travis/build/apache/xerces-c/cmake/RunTest.cmake:88 
(test_command)
   33: 
   33: 
   33/79 Test #33: MemHandlerTest1 ..***Failed0.02 sec
   ```


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org

[GitHub] [xerces-c] johnjamesmccann commented on pull request #46: DTD hot fix

2022-01-21 Thread GitBox 


johnjamesmccann commented on pull request #46:
URL: https://github.com/apache/xerces-c/pull/46#issuecomment-1018530152


   Ok I think I have managed to change the files now by editing them on the PR 
file list.
   
   Please let me know if you need anything else Roger
   
   John


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org

[GitHub] [xerces-c] johnjamesmccann commented on pull request #46: DTD hot fix

2022-01-21 Thread GitBox 


johnjamesmccann commented on pull request #46:
URL: https://github.com/apache/xerces-c/pull/46#issuecomment-1018334858


   I would be happy to do that, if you show me how to, as I have no idea 
   
   From: Roger Leigh ***@***.***>
   Sent: 20 January 2022 21:56
   To: apache/xerces-c ***@***.***>
   Cc: McCann, John (DI SW PE OT IO PP) ***@***.***>; Mention ***@***.***>
   Subject: Re: [apache/xerces-c] DTD hot fix (PR #46)
   
   
   @johnjamesmccann Thanks for opening this 
PR. The changes appear as an addition of two new files at the toplevel, rather 
than as a change to the original files. Please could you update this to add the 
changes in the correct directory so that the original files are updated? Thanks.
   
   —
   Reply to this email directly, view it on 
GitHub, or 
unsubscribe.
   Triage notifications on the go with GitHub Mobile for 
iOS
 or 
Android.
   You are receiving this because you were mentioned.Message ID: 
***@***.**@***.***>>
   
   -
   Siemens Industry Software Limited is a limited company registered in England 
and Wales.
   Registered number: 3476850.
   Registered office: Faraday House, Sir William Siemens Square, Frimley, 
Surrey, GU16 8QD.
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org

[GitHub] [xerces-c] rleigh-codelibre commented on pull request #46: DTD hot fix

2022-01-20 Thread GitBox 


rleigh-codelibre commented on pull request #46:
URL: https://github.com/apache/xerces-c/pull/46#issuecomment-1017961677


   @johnjamesmccann Thanks for opening this PR.  The changes appear as an 
addition of two new files at the toplevel, rather than as a change to the 
original files.  Please could you update this to add the changes in the correct 
directory so that the original files are updated?  Thanks.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org

[GitHub] [xerces-c] johnjamesmccann opened a new pull request #46: DTD hot fix

2022-01-20 Thread GitBox 


johnjamesmccann opened a new pull request #46:
URL: https://github.com/apache/xerces-c/pull/46


   SPDX-FileCopyrightText: Portions Copyright 2021 Siemens 
   Modified on 15-Jul-2021 by Siemens and/or its affiliates to fix 
CVE-2018-1311: Apache Xerces-C use-after-free vulnerability scanning external 
DTD. Copyright 2021 Siemens.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org

[GitHub] [xerces-c] rouault opened a new pull request #45: DFAContentModel::buildDFA(): correctly zero-initialize fFollowList

2021-12-20 Thread GitBox 


rouault opened a new pull request #45:
URL: https://github.com/apache/xerces-c/pull/45


   Due to a copy issue, the intended zero-initialization of
   fFollowList wasn't done (copy issue), and thus in case of
   OutOfMemory exception when initializing the array, the memory freeing in
   cleanup() could access uninitialized elements.
   
   Follow-up of https://github.com/apache/xerces-c/pull/40 / 
a65990d79d3fc333d7481f010da4e165a88b6cb3
   
   Fixes GDAL's https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=42636


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org

[GitHub] [xerces-c] rouault commented on pull request #44: [XERCESC-2233] DFAContentModel::buildDFA(): fix memory leaks when OutOfMemoryException occurs

2021-12-05 Thread GitBox 


rouault commented on pull request #44:
URL: https://github.com/apache/xerces-c/pull/44#issuecomment-986261189


   I've updated the commit with the above strategy I mentioned in 
https://github.com/apache/xerces-c/pull/44#discussion_r762457868. The diff 
might be hard to read because of the indentation changes, but the changes 
themselves are relatively simple and consist in:
   - moving 
https://github.com/apache/xerces-c/blob/8ac9637b4a54e0b0a52e59b0299aaa974e8fc453/src/xercesc/validators/common/DFAContentModel.cpp#L1006
 to 
https://github.com/apache/xerces-c/blob/8ac9637b4a54e0b0a52e59b0299aaa974e8fc453/src/xercesc/validators/common/DFAContentModel.cpp#L1264
 of one indentation level in a try {} block
   - moving 
https://github.com/apache/xerces-c/blob/8ac9637b4a54e0b0a52e59b0299aaa974e8fc453/src/xercesc/validators/common/DFAContentModel.cpp#L1266
 to 
https://github.com/apache/xerces-c/blob/8ac9637b4a54e0b0a52e59b0299aaa974e8fc453/src/xercesc/validators/common/DFAContentModel.cpp#L1329
 in the finalizeProcessingAndCleanup() lambda
   - calling that lambda after the try {} block in the nominal case, and in the 
catch ( OutOfMemoryException ) block
   - and doing the memory allocations 
https://github.com/apache/xerces-c/blob/master/src/xercesc/validators/common/DFAContentModel.cpp#L1228
 to 
https://github.com/apache/xerces-c/blob/8ac9637b4a54e0b0a52e59b0299aaa974e8fc453/src/xercesc/validators/common/DFAContentModel.cpp#L1249
 in a inner try {} catch (OutOfMemoryException) block, to do specific cleanups 
of those temporary arrays in case an exception is thrown


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org

[GitHub] [xerces-c] rouault commented on a change in pull request #44: [XERCESC-2233] DFAContentModel::buildDFA(): fix memory leaks when OutOfMemoryException occurs

2021-12-04 Thread GitBox 


rouault commented on a change in pull request #44:
URL: https://github.com/apache/xerces-c/pull/44#discussion_r762457868



##
File path: src/xercesc/validators/common/DFAContentModel.cpp
##
@@ -1191,12 +1203,21 @@ void DFAContentModel::buildDFA(ContentSpecNode* const 
curNode)
 //  table.
 //
 statesToDo[curState] = newSet;
-fTransTable[curState] = makeDefStateList();
-stateTable->put
-(
-newSet
-, new (fMemoryManager) XMLInteger(curState)
-);
+try
+{
+fTransTable[curState] = makeDefStateList();
+stateTable->put
+(
+newSet
+, new (fMemoryManager) XMLInteger(curState)
+);
+}
+catch( const OutOfMemoryException& e )
+{
+oomException = e;

Review comment:
   > 
   
   possibly. I didn't want to change the code too much. Your suggestion will 
probably involve moving the cleanup code in a lambda function that will be 
called at the end of the nominal code path and in the catch() block.




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org

[GitHub] [xerces-c] rleigh-codelibre commented on a change in pull request #44: [XERCESC-2233] DFAContentModel::buildDFA(): fix memory leaks when OutOfMemoryException occurs

2021-12-04 Thread GitBox 


rleigh-codelibre commented on a change in pull request #44:
URL: https://github.com/apache/xerces-c/pull/44#discussion_r762456999



##
File path: src/xercesc/validators/common/DFAContentModel.cpp
##
@@ -1191,12 +1203,21 @@ void DFAContentModel::buildDFA(ContentSpecNode* const 
curNode)
 //  table.
 //
 statesToDo[curState] = newSet;
-fTransTable[curState] = makeDefStateList();
-stateTable->put
-(
-newSet
-, new (fMemoryManager) XMLInteger(curState)
-);
+try
+{
+fTransTable[curState] = makeDefStateList();
+stateTable->put
+(
+newSet
+, new (fMemoryManager) XMLInteger(curState)
+);
+}
+catch( const OutOfMemoryException& e )
+{
+oomException = e;

Review comment:
   How safe is the saving and re-throwing of the exception?  Is there any 
potential for `OutOfMemoryException& e` to be a reference to a base class?  
Could `e` end up being truncated as a result?  A direct `throw` to rethrow the 
existing exception might be safer overall, and avoid the need for a goto.
   
   Could we achieve the same effect with a higher-level try/catch block within 
the function, and avoid the saving of the exception and the goto?




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org

[GitHub] [xerces-c] rouault opened a new pull request #44: DFAContentModel::buildDFA(): fix memory leaks when OutOfMemoryException occurs

2021-12-04 Thread GitBox 


rouault opened a new pull request #44:
URL: https://github.com/apache/xerces-c/pull/44


   
   Fixes GDAL's https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41335


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org

[GitHub] [xerces-c] rleigh-codelibre merged pull request #43: [XERCESC-2230] DFAContentModel::buildSyntaxTree(): fix memory leaks when OutOfMemoryException occurs

2021-11-17 Thread GitBox 


rleigh-codelibre merged pull request #43:
URL: https://github.com/apache/xerces-c/pull/43


   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org

[GitHub] [xerces-c] rleigh-codelibre commented on pull request #43: [XERCESC-2230] DFAContentModel::buildSyntaxTree(): fix memory leaks when OutOfMemoryException occurs

2021-11-17 Thread GitBox 


rleigh-codelibre commented on pull request #43:
URL: https://github.com/apache/xerces-c/pull/43#issuecomment-971972555


   The logic all looks good to me, thanks.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org

[GitHub] [xerces-c] rouault opened a new pull request #43: DFAContentModel::buildSyntaxTree(): fix memory leaks when OutOfMemoryException occurs

2021-11-15 Thread GitBox 


rouault opened a new pull request #43:
URL: https://github.com/apache/xerces-c/pull/43


   Fixes GDAL's https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=40866


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org

[GitHub] [xerces-c] rleigh-codelibre merged pull request #42: [XERCESC-2229] IGXMLScanner::scanDocTypeDecl(): fix memory leak on exception

2021-11-06 Thread GitBox 


rleigh-codelibre merged pull request #42:
URL: https://github.com/apache/xerces-c/pull/42


   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org

[GitHub] [xerces-c] rouault opened a new pull request #42: IGXMLScanner::scanDocTypeDecl(): fix memory leak on exception

2021-10-28 Thread GitBox 


rouault opened a new pull request #42:
URL: https://github.com/apache/xerces-c/pull/42


   The method can leak pubId and sysId when subsequent call to
   fReaderMgr.skipPastSpaces() throws an exception (e.g. a
   TranscodingException)


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org

[GitHub] [xerces-c] rleigh-codelibre commented on pull request #39: [XERCESC-2227] Memleak fixes in ContentSpecNode and ComplexTypeInfo classes

2021-10-24 Thread GitBox 


rleigh-codelibre commented on pull request #39:
URL: https://github.com/apache/xerces-c/pull/39#issuecomment-950272435


   @rouault Both now merged, thanks!


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org

[GitHub] [xerces-c] rleigh-codelibre merged pull request #40: [XERCESC-2228] DFAContentModel: fix memory leaks when OutOfMemoryException occurs

2021-10-24 Thread GitBox 


rleigh-codelibre merged pull request #40:
URL: https://github.com/apache/xerces-c/pull/40


   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org

[GitHub] [xerces-c] rleigh-codelibre merged pull request #39: [XERCESC-2227] Memleak fixes in ContentSpecNode and ComplexTypeInfo classes

2021-10-24 Thread GitBox 


rleigh-codelibre merged pull request #39:
URL: https://github.com/apache/xerces-c/pull/39


   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org

[GitHub] [xerces-c] rouault commented on pull request #39: [XERCESC-2227] Memleak fixes in ContentSpecNode and ComplexTypeInfo classes

2021-10-21 Thread GitBox 


rouault commented on pull request #39:
URL: https://github.com/apache/xerces-c/pull/39#issuecomment-948891203


   maybe this can be merged ? and https://github.com/apache/xerces-c/pull/40 as 
well ?


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org

[GitHub] [xerces-c] rleigh-codelibre merged pull request #41: XERCESC-2208: XMLSize_t size_t revert

2021-09-28 Thread GitBox 


rleigh-codelibre merged pull request #41:
URL: https://github.com/apache/xerces-c/pull/41


   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org

[GitHub] [xerces-c] rleigh-codelibre merged pull request #41: XERCESC-2208: XMLSize_t size_t revert

2021-09-27 Thread GitBox 


rleigh-codelibre merged pull request #41:
URL: https://github.com/apache/xerces-c/pull/41


   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org

[GitHub] [xerces-c] rleigh-codelibre opened a new pull request #41: XERCESC-2208: XMLSize_t size_t revert

2021-09-27 Thread GitBox 


rleigh-codelibre opened a new pull request #41:
URL: https://github.com/apache/xerces-c/pull/41


   * Restore previous behaviour (XMLSize_t is size_t)
   * Remove XMLSSize_t (no uses in the codebase)


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org

[GitHub] [xerces-c] rouault commented on pull request #41: XERCESC-2208: XMLSize_t size_t revert

2021-09-27 Thread GitBox 


rouault commented on pull request #41:
URL: https://github.com/apache/xerces-c/pull/41#issuecomment-927552020


   Looks good to me


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org

[GitHub] [xerces-c] rleigh-codelibre edited a comment on pull request #39: [XERCESC-2227] Memleak fixes in ContentSpecNode and ComplexTypeInfo classes

2021-09-23 Thread GitBox 


rleigh-codelibre edited a comment on pull request #39:
URL: https://github.com/apache/xerces-c/pull/39#issuecomment-926103264


   @rouault There were two instances of this, does the other one need fixing as 
well?
   
   Edit: I'm mistaken I think, please ignore.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org

[GitHub] [xerces-c] rleigh-codelibre commented on pull request #39: [XERCESC-2227] Memleak fixes in ContentSpecNode and ComplexTypeInfo classes

2021-09-23 Thread GitBox 


rleigh-codelibre commented on pull request #39:
URL: https://github.com/apache/xerces-c/pull/39#issuecomment-926103264


   @rouault There were two instances of this, does the other one need fixing as 
well?


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org

[GitHub] [xerces-c] rouault commented on pull request #39: [XERCESC-2227] Memleak fixes in ContentSpecNode and ComplexTypeInfo classes

2021-09-23 Thread GitBox 


rouault commented on pull request #39:
URL: https://github.com/apache/xerces-c/pull/39#issuecomment-926102766


   > Where you changed `retNode` to `specNode`, am I correct in the assumption 
that this was always buggy?
   
   no the code was fine. The change was a result from some temporary confusion, 
but at line 741 which I believe the only occurence, the 2 were aliases. I've 
pushed a commit to restore the original use of retNode


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org

[GitHub] [xerces-c] rleigh-codelibre commented on pull request #40: [XERCESC-2228] DFAContentModel: fix memory leaks when OutOfMemoryException occurs

2021-09-23 Thread GitBox 


rleigh-codelibre commented on pull request #40:
URL: https://github.com/apache/xerces-c/pull/40#issuecomment-926100192


   Everything in this PR looks absolutely fine to me.
   
   As for the other PR, I would appreciate another reviewer or two due to the 
complex nature of the changes.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org

[GitHub] [xerces-c] rleigh-codelibre commented on pull request #39: [XERCESC-2227] Memleak fixes in ContentSpecNode and ComplexTypeInfo classes

2021-09-23 Thread GitBox 


rleigh-codelibre commented on pull request #39:
URL: https://github.com/apache/xerces-c/pull/39#issuecomment-926097632


   I have read through all the changes, and everything looks sensible.
   
   Where you changed `retNode` to `specNode`, am I correct in the assumption 
that this was always buggy?
   
   If anyone else has time to look through, that would be appreciated.  I'm 
certainly in favour of merging it, but given that this in some fairly complex 
code, it could certainly use a second or third opinion.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org

[GitHub] [xerces-c] rouault opened a new pull request #40: DFAContentModel: fix memory leaks when OutOfMemoryException occurs

2021-09-23 Thread GitBox 


rouault opened a new pull request #40:
URL: https://github.com/apache/xerces-c/pull/40


   Fixes GDAL's https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=39159


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org

[GitHub] [xerces-c] rleigh-codelibre commented on pull request #39: [XERCESC-2227] Memleak fixes in ContentSpecNode and ComplexTypeInfo classes

2021-09-22 Thread GitBox 


rleigh-codelibre commented on pull request #39:
URL: https://github.com/apache/xerces-c/pull/39#issuecomment-925360640


   I'll get to the review tomorrow.  In terms of C++11 support, the stable 
release does not require it.  The master branch (4.0.x) does.  You'll see today 
I merged a PR from last year which requires C++11 ``.  While the CMake 
build tries to enable C++17, C++14 or C++11 (where available), this was the 
first feature addition which actually used a C++11 feature.  While I don't 
think there is as of yet much discussion about what could be refactored to use 
C++11 features, previous discussion has focussed upon retaining API 
compatibility to the maximum extent possible, so I think we will need to be 
fairly conservative with changes, certainly changes which affect the API or 
ABI.  
   
   Since Xerces-C++ did not originally use any of the C++ Standard Library, it 
does have some fairly archaic design which could certainly be replaced.  The 
memory management in particular.  However, it does need to work as a Windows 
DLL which puts constraints upon use of C++ features which cross DLL 
boundaries--templates in particular are very tricky if not impossible in many 
cases to export.  But the biggest constraint is developer time and interest.
   
   I do have a branch which makes it use `std::thread`.  But there are whole 
categories of wrappers and helpers which could be gutted and replaced with 
standard equivalents.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org

[GitHub] [xerces-c] rleigh-codelibre merged pull request #21: XERCESC-2208: Use cstdint and standard integer types

2021-09-22 Thread GitBox 


rleigh-codelibre merged pull request #21:
URL: https://github.com/apache/xerces-c/pull/21


   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org

[GitHub] [xerces-c] rouault opened a new pull request #39: Memleak fixes in ContentSpecNode and ComplexTypeInfo classes

2021-09-22 Thread GitBox 


rouault opened a new pull request #39:
URL: https://github.com/apache/xerces-c/pull/39


   when a OutOfMemory exception occurs.
   
   Spotted by https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=39127 (on 
GDAL)
   
   The commits are a bit in increasing order of triviality. The ownership rules 
of ContentSpecNode first and second members, as used by ComplexTypeInfo, are 
super complex. shared_ptr would be much welcome here! I can just tell that 
valgrind on my test case reports no double-free nor memory leak after those 
fixes
   
   By the way what is the C++11 story of Xerces and the potential use of 
unique_ptr, shared_ptr ?


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org

[GitHub] [xerces-c] rleigh-codelibre commented on pull request #23: fix static linking with curl

2021-09-22 Thread GitBox 


rleigh-codelibre commented on pull request #23:
URL: https://github.com/apache/xerces-c/pull/23#issuecomment-924648605


   Note that with the merging of #34 we now use the CURL imported target to 
link against.  Please could you retest and see if this PR is still necessary?
   
   Thanks,
   Roger


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org

[GitHub] [xerces-c] rleigh-codelibre commented on pull request #21: XERCESC-2208: Use cstdint and standard integer types

2021-09-22 Thread GitBox 


rleigh-codelibre commented on pull request #21:
URL: https://github.com/apache/xerces-c/pull/21#issuecomment-924647083


   Rebased against current master (no source changes).  If there are no 
objections to merging, will merge later today.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org

[GitHub] [xerces-c] rleigh-codelibre merged pull request #38: XERCESC-2226: Update minimum CMake version to 3.12

2021-09-21 Thread GitBox 


rleigh-codelibre merged pull request #38:
URL: https://github.com/apache/xerces-c/pull/38


   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org

[GitHub] [xerces-c] rleigh-codelibre commented on pull request #38: XERCESC-2226: Update minimum CMake version to 3.12

2021-09-21 Thread GitBox 


rleigh-codelibre commented on pull request #38:
URL: https://github.com/apache/xerces-c/pull/38#issuecomment-923676074


   CI is passing.  This completes the followup work for XERCESC-2225.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org

[GitHub] [xerces-c] rleigh-codelibre commented on pull request #34: XERCESC-2225: Link to installed CMake targets of CURL

2021-09-20 Thread GitBox 


rleigh-codelibre commented on pull request #34:
URL: https://github.com/apache/xerces-c/pull/34#issuecomment-923305154


   XERCESC-2226 added as a followup action.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org

[GitHub] [xerces-c] rleigh-codelibre merged pull request #37: [XERCESC-2224] DFAContentModel::checkUniqueParticleAttribution (): speed enhancement

2021-09-20 Thread GitBox 


rleigh-codelibre merged pull request #37:
URL: https://github.com/apache/xerces-c/pull/37


   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org

[GitHub] [xerces-c] rleigh-codelibre commented on pull request #37: [XERCESC-2224] DFAContentModel::checkUniqueParticleAttribution (): speed enhancement

2021-09-20 Thread GitBox 


rleigh-codelibre commented on pull request #37:
URL: https://github.com/apache/xerces-c/pull/37#issuecomment-923298020


   The logic looks perfectly fine to me.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org

[GitHub] [xerces-c] rouault opened a new pull request #37: DFAContentModel::checkUniqueParticleAttribution (): speed enhancement

2021-09-20 Thread GitBox 


rouault opened a new pull request #37:
URL: https://github.com/apache/xerces-c/pull/37


   The complexity of this method is roughly O(n^3). Fuzzers can generate
   schemas with n = several thousands. The test fTransTable[i][j] == 
XMLContentModel::gInvalidTrans
   is independant of the k loop, and can thus being moved at a upper level
   to improve runtime.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org

[GitHub] [xerces-c] rleigh-codelibre commented on pull request #34: link to installed CMake targets of CURL

2021-09-19 Thread GitBox 


rleigh-codelibre commented on pull request #34:
URL: https://github.com/apache/xerces-c/pull/34#issuecomment-922472287


   I haven't seen any objections to making the change over the last week.  
Unless there are any objections today, I'll go ahead and merge it later.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org

[GitHub] [xerces-c] rleigh-codelibre merged pull request #36: [XERCESC-2223] SAX2XMLReaderImpl::error(): use exception memory manager, …

2021-09-19 Thread GitBox 


rleigh-codelibre merged pull request #36:
URL: https://github.com/apache/xerces-c/pull/36


   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org

[GitHub] [xerces-c] rleigh-codelibre commented on pull request #36: [XERCESC-2223] SAX2XMLReaderImpl::error(): use exception memory manager, …

2021-09-19 Thread GitBox 


rleigh-codelibre commented on pull request #36:
URL: https://github.com/apache/xerces-c/pull/36#issuecomment-922471974


   This looks fine to me.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org

[GitHub] [xerces-c] rouault opened a new pull request #36: SAX2XMLReaderImpl::error(): use exception memory manager, …

2021-09-15 Thread GitBox 


rouault opened a new pull request #36:
URL: https://github.com/apache/xerces-c/pull/36


   otherwise regular memory manager might fail to fully allocate the strings in 
the exception and cause memory leaks


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org

[GitHub] [xerces-c] rouault opened a new pull request #35: DFAContentModel::checkUniqueParticleAttribution(): fix memory leak

2021-09-11 Thread GitBox 


rouault opened a new pull request #35:
URL: https://github.com/apache/xerces-c/pull/35


   If a memory allocation of conflictTable[] fails, or later in the
   function, the array is not freed.
   Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=38533


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org

[GitHub] [xerces-c] rleigh-codelibre edited a comment on pull request #34: link to installed CMake targets of CURL

2021-09-09 Thread GitBox 


rleigh-codelibre edited a comment on pull request #34:
URL: https://github.com/apache/xerces-c/pull/34#issuecomment-916148623


   Thanks.
   
   So in terms of compatibility, this is effectively going to bump our minimum 
supported version of CMake from 3.2.0 (March 2015) to 3.12.0 (July 2018, just 
over three years ago).
   
   In terms of support by recent systems, I don't think this poses too much of 
a problem.  It's possible to download and use current releases on older 
platforms too, in general.  I certainly would not object.  And there are a good 
number of improvements between those releases which would be nice to have.
   
   If the consensus is that this is an acceptable change to make, we can go 
with it.
   
   Edit: To add, it's also worth pointing out that in practice none of us are 
testing on CMake 3.2.0 anyway.  I'm certainly not using anything older than 
3.18 myself, and neither is the project CI.  So from a purely pragmatic testing 
point of view, 3.12.0 is still quite conservative.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org

[GitHub] [xerces-c] rleigh-codelibre commented on pull request #34: link to installed CMake targets of CURL

2021-09-09 Thread GitBox 


rleigh-codelibre commented on pull request #34:
URL: https://github.com/apache/xerces-c/pull/34#issuecomment-916148623


   Thanks.
   
   So in terms of compatibility, this is effectively going to bump our minimum 
supported version of CMake from 3.2.0 (March 2015) to 3.12.0 (July 2018, just 
over three years ago).
   
   In terms of support by recent systems, I don't think this poses too much of 
a problem.  It's possible to download and use current releases on older 
platforms too, in general.  I certainly would not object.  And there are a good 
number of improvements between those releases which would be nice to have.
   
   If the consensus is that this is an acceptable change to make, we can go 
with it.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org

[GitHub] [xerces-c] prince-chrismc commented on pull request #34: link to installed CMake targets of CURL

2021-09-09 Thread GitBox 


prince-chrismc commented on pull request #34:
URL: https://github.com/apache/xerces-c/pull/34#issuecomment-916073833


   > What are the compatibility implications in terms of supported libcurl 
and/or cmake versions?
   
   That is an excellent questions! I am not sure if it may be a problem for 
this project... in 
   https://cmake.org/cmake/help/latest/module/FindCURL.html#imported-targets
   
   > New in version 3.12.
   > This module defines IMPORTED target CURL::libcurl, if curl has been found.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org

[GitHub] [xerces-c] rleigh-codelibre commented on pull request #34: link to installed CMake targets of CURL

2021-09-09 Thread GitBox 


rleigh-codelibre commented on pull request #34:
URL: https://github.com/apache/xerces-c/pull/34#issuecomment-915842634


   The change looks absolutely fine to me.  One question though: when did the 
FindCURL/CurlConfig module start using imported targets?  What are the 
compatibility implications in terms of supported libcurl and/or cmake versions?


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org

[GitHub] [xerces-c] rleigh-codelibre merged pull request #33: Fix -Wmemset-transposed-args warnings of clang++

2021-09-09 Thread GitBox 


rleigh-codelibre merged pull request #33:
URL: https://github.com/apache/xerces-c/pull/33


   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org

[GitHub] [xerces-c] rleigh-codelibre merged pull request #32: XERCESC-2221: InMemMsgLoader::loadMsg(): fix memory leak when transcoding fails.

2021-09-09 Thread GitBox 


rleigh-codelibre merged pull request #32:
URL: https://github.com/apache/xerces-c/pull/32


   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org

[GitHub] [xerces-c] rouault commented on pull request #32: XERCESC-2221: InMemMsgLoader::loadMsg(): fix memory leak when transcoding fails.

2021-09-05 Thread GitBox 


rouault commented on pull request #32:
URL: https://github.com/apache/xerces-c/pull/32#issuecomment-913203789


   @rleigh-codelibre do you mind merging this ?


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org

[GitHub] [xerces-c] prince-chrismc opened a new pull request #34: link to installed CMake targets of CURL

2021-09-03 Thread GitBox 


prince-chrismc opened a new pull request #34:
URL: https://github.com/apache/xerces-c/pull/34


   Just like how it was done for ICU


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org

[GitHub] [xerces-c] rouault opened a new pull request #33: Fix -Wmemset-transposed-args warnings of clang++

2021-08-27 Thread GitBox 


rouault opened a new pull request #33:
URL: https://github.com/apache/xerces-c/pull/33


   Fixes:
   xercesc/util/XMLChTranscoder.cpp:73:23: warning: setting buffer to a 
'sizeof' expression; did you mean to transpose the last two arguments? 
[-Wmemset-transposed-args]
   memset(charSizes, sizeof(XMLCh), countToDo);
 ^
   xercesc/util/XMLChTranscoder.cpp:73:23: note: cast the second argument to 
'int' to silence
   
   and
   
   xercesc/util/XMLUTF16Transcoder.cpp:114:23: warning: setting buffer to a 
'sizeof' expression; did you mean to transpose the last two arguments? 
[-Wmemset-transposed-args]
   memset(charSizes, sizeof(UTF16Ch), countToDo);
 ^
   xercesc/util/XMLUTF16Transcoder.cpp:114:23: note: cast the second argument 
to 'int' to silence
   1 warning generated.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org

[GitHub] [xerces-c] rouault opened a new pull request #32: InMemMsgLoader::loadMsg(): fix memory leak when transcoding fails.

2021-08-26 Thread GitBox 


rouault opened a new pull request #32:
URL: https://github.com/apache/xerces-c/pull/32


   Seen with the IconvGNU transcoder when parsing "

  1   2   3   >