[jira] Created: (XERCESC-1679) xercesc_2_7::XMLUTF8Transcoder::transcodeFrom has a Conditional jump or move depends on uninitialised value.

Fri, 23 Feb 2007 03:19:27 -0800 

xercesc_2_7::XMLUTF8Transcoder::transcodeFrom has a Conditional jump or move 
depends on uninitialised value.
------------------------------------------------------------------------------------------------------------

                 Key: XERCESC-1679
                 URL: https://issues.apache.org/jira/browse/XERCESC-1679
             Project: Xerces-C++
          Issue Type: Bug
          Components: Utilities
    Affects Versions: 2.7.0
         Environment: Linux rhes-4 i686 gcc-3-2-3  32 bit
            Reporter: Philippe Forest


The problem is that the value of the poiter get checked before the check to see 
if you have passed the end of the input buffer.
in the file :XMLUTF8Transcoder.cpp on position 157.
current code:

            } while (*srcPtr <= 127    &&     // <- this can cause a crash if 
this memory is not your.
                      srcPtr != srcEnd &&
                      outPtr != outEnd );
should be:

            } while (
                      srcPtr != srcEnd &&         // first check the end
                      *srcPtr <= 127    &&        // then the content
                      outPtr != outEnd );

See valrind log:
Thanks Let me know if you need more details.
Phil.

==25072== Conditional jump or move depends on uninitialised value(s)
==25072==    at 0x5170D2A: 
xercesc_2_7::XMLUTF8Transcoder::transcodeFrom(unsigned char const*, unsigned, 
unsigned short*, unsigned, unsigned&, unsigned char*) 
(XMLUTF8Transcoder.cpp:157)
==25072==    by 0x5158D2F: xercesc_2_7::XMLReader::xcodeMoreChars(unsigned 
short*, unsigned char*, unsigned) (XMLReader.cpp:1707)
==25072==    by 0x5156FC9: xercesc_2_7::XMLReader::refreshCharBuffer() 
(XMLReader.cpp:498)
==25072==    by 0x50BB3A7: xercesc_2_7::XMLReader::peekNextChar(unsigned 
short&) (XMLReader.hpp:759)
==25072==    by 0x50B933A: xercesc_2_7::ReaderMgr::peekNextChar() 
(ReaderMgr.cpp:163)
==25072==    by 0x515DFA6: xercesc_2_7::XMLScanner::scanProlog() 
(XMLScanner.cpp:1237)
==25072==    by 0x5085CC6: 
xercesc_2_7::IGXMLScanner::scanDocument(xercesc_2_7::InputSource const&) 
(IGXMLScanner.cpp:202)
==25072==    by 0x50CC048: 
xercesc_2_7::SAX2XMLReaderImpl::parse(xercesc_2_7::InputSource const&) 
(SAX2XMLReaderImpl.cpp:396)
...

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to