[Expat-bugs] [ expat-Bugs-1452136 ] Expat-2.0.0: Win2003 - Buffer Overrun in XML_Parse
SourceForge.net
noreply at sourceforge.net
Wed Mar 22 15:32:07 CET 2006
Bugs item #1452136, was opened at 2006-03-17 04:53
Message generated for change (Comment added) made by kwaclaw
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=110127&aid=1452136&group_id=10127
Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: None
Group: Platform Specific
>Status: Closed
>Resolution: Rejected
Priority: 5
Submitted By: Nobody/Anonymous (nobody)
Assigned to: Nobody/Anonymous (nobody)
Summary: Expat-2.0.0: Win2003 - Buffer Overrun in XML_Parse
Initial Comment:
The following problem only occurs on the Windows 2003
platform!
Buffer Overrun occurs when the following XML data is
being parsed:
---------xml---------
<?xml version="1.0" encoding="UTF-8"?>
<FileTransfer>
<Service>LN.MRS.MRS.JE.EOS.EOS.ACCOUNT</Service>
<FTFNative>-label JE.EOS.EOS.ACCOUNT -sqm LNGDC1P1 -
dqm JEEOS1P1 at JECHQ1P1 -
spath /shared/home/mrsop/fub/ACCT.CSV -dpath
E:\ISIS\FINRPT\Account_Master.CSV -type text -exit 8 -
exitdll isispost.dll -exitentry isispost -exitdata
"@JBE:\\ISIS\\scripts\\FINRPT.BAT;@JBE:\\ISIS\\scr
ipts\\FINRPT\_FAIL.BAT" -exit 4 -exitdll
isispost -exitentry isispost -exitdata
"@JB/shared/home/mrsop/scr/isis\_postproc.sh_/shar
ed/home/mrsop/fub/ACCT.CSV_ARC;@JB/shared/home/mrsop/sc
r/isis\_failproc.sh_/shared/home/mrsop/fub/ACCT.CSV_ERR
OR" -oqm LNGDC1P1</FTFNative>
<ServiceOwner>Future Bank</ServiceOwner>
<FTFid>16162f01-ad5c-11da-9fb4-92c88c876801</FTFid>
</FileTransfer>
---------xml---------
Below is the list of function calls to describe the
steps:
int depth = 0;
int done = 0 ;
int XML_rc;
char MQ_buffer[8192];
MQLONG MQ_buffer_len;
XML_Parser parser = XML_ParserCreate(NULL);
XML_SetUserData(parser, &depth);
XML_SetDefaultHandler(parser, XMLParse);
XML_rc = XML_Parse(parser, MQ_buffer, MQ_buffer_len, done);
-------Parser Function-----------
void XMLParse(void *userData, const char *name, int len) {
    strncpy(temp, name, len);
    temp[len] = '\0';
    TrimString(temp);
    if (StartCheck == 0) {
        if (strcmp(temp, "<FTFStatDetail>") == 0) MessageType = MSG_DETAIL;
        else if (strcmp(temp, "<FTFStatControl>") == 0) MessageType = MSG_CONTROL;
        else if (strcmp(temp, "<FileTransfer>") == 0) MessageType = MSG_TRANSFER;
        else if (strncmp(temp, "<?xml", 5) == 0) MessageType = MSG_SKIP;
        else if (strlen(temp) == 0) return;
        else MessageType = MSG_XML_POISON;
    }
    if (MessageType != MSG_SKIP) StartCheck = 1;
    if ((MessageType != MSG_XML_POISON) &&
        (MessageType != MSG_POISON) &&
        (MessageType != MSG_INITIAL) &&
        (MessageType != MSG_NULL) &&
        (MessageType != MSG_SKIP))
        XMLProcessElement(temp, MessageType);
    if ((strcmp(temp, "</FTFStatDetail>") == 0) ||
        (strcmp(temp, "</FTFStatControl>") == 0) ||
        (strcmp(temp, "</FileTransfer>") == 0)) {
        StartCheck = 0;
    }
}
-------Parser Function-----------
If you have any suggestion, please let me know.
Thanks & Regards,
Madavan Raman
madavan.raman at my.standardchartered.com
----------------------------------------------------------------------
>Comment By: Karl Waclawek (kwaclaw)
Date: 2006-03-22 09:32
Message:
Logged In: YES
user_id=290026
OK, closing this item.
----------------------------------------------------------------------
Comment By: Nobody/Anonymous (nobody)
Date: 2006-03-22 07:08
Message:
Logged In: NO
Managed to track down the error in the default handler.
The line which was causing the error was string manipulation
code using the "strcat()" function. I have fixed it
using "strncat()" to control the size.
Surprisingly, this code is running fine on the Win2000 platform.
Thanks for your help. We can close this item.
----------------------------------------------------------------------
Comment By: Nobody/Anonymous (nobody)
Date: 2006-03-22 06:35
Message:
Logged In: NO
If I remove the default handler, I don't get the buffer
overrun error.
----------------------------------------------------------------------
Comment By: Karl Waclawek (kwaclaw)
Date: 2006-03-20 08:56
Message:
Logged In: YES
user_id=290026
What happens if you don't set the default handler?
Do you still get a buffer overrun?
Karl
----------------------------------------------------------------------
Comment By: Nobody/Anonymous (nobody)
Date: 2006-03-20 01:51
Message:
Logged In: NO
It breaks at doContent() function. The sequence is
doProlog-> contentProcessor-> doContent()
The memory violation occurs when processing "<FTFNative>"
tag.
----------------------------------------------------------------------
Comment By: Karl Waclawek (kwaclaw)
Date: 2006-03-17 08:53
Message:
Logged In: YES
user_id=290026
Since I don't have access to Windows 2003 I cannot debug it.
I suggest you create a debug build (VC++ 6.0 or later) and
find out where the buffer overrun is happening. That will
give me a starting point for my investigation.
----------------------------------------------------------------------
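Added example, not part of the original thread and not Expat or the reporter's code: the thread traces the overrun to a strcat() call in the application's default handler, and the posted handler also copies len bytes into temp without checking temp's size. The sketch below shows a length-checked copy of a handler chunk and a bounded append. TEMP_SIZE, copy_chunk and append_bounded are hypothetical names, and the 64-byte size is an assumption because the post does not show how temp is declared.

```c
#include <stdio.h>
#include <string.h>

#define TEMP_SIZE 64 /* assumed; the post does not show how temp is declared */

/* Copy one handler chunk (s, len; not NUL-terminated) into dst.
   Returns 0 on success, -1 if it does not fit (dst is left empty). */
int copy_chunk(char *dst, size_t dst_size, const char *s, int len)
{
    if (dst_size == 0)
        return -1;
    dst[0] = '\0';
    if (len < 0 || (size_t)len >= dst_size)
        return -1;
    memcpy(dst, s, (size_t)len);
    dst[len] = '\0';
    return 0;
}

/* Append src to dst. strncat's third argument is the room left in dst,
   not dst's total size. Returns -1 instead of truncating or overrunning. */
int append_bounded(char *dst, size_t dst_size, const char *src)
{
    const char *end = memchr(dst, '\0', dst_size);
    if (end == NULL)
        return -1; /* dst is not terminated inside its buffer */
    size_t room = dst_size - (size_t)(end - dst) - 1;
    if (strlen(src) > room)
        return -1;
    strncat(dst, src, room);
    return 0;
}

int main(void)
{
    char temp[TEMP_SIZE];
    char chunk[200]; /* constructed stand-in for a long character-data chunk */
    memset(chunk, 'A', sizeof chunk);

    printf("200-byte chunk: %d\n", copy_chunk(temp, sizeof temp, chunk, (int)sizeof chunk));
    printf("short chunk:    %d\n", copy_chunk(temp, sizeof temp, "<FileTransfer>", 14));
    printf("append:         %d -> %s\n", append_bounded(temp, sizeof temp, " ok"), temp);
    return 0;
}
```

Whether an oversized chunk should be rejected, as here, or accumulated in a growable buffer depends on the application; the point is that the handler decides based on len before writing.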