[
https://issues.apache.org/jira/browse/XERCESC-2088?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Scott Cantor updated XERCESC-2088:
----------------------------------
Attachment: casting.patch

I've come up with a large patch to the DOM that is pretty invasive. Three new
interface classes are added to the impl/ code that expose the DOMNodeImpl,
DOMParentNode, and DOMChildNode member objects, and the constructors for
DOMNodeImpl and DOMParentNode are now maintaining backpointers to the
containing DOMXXXImpl class so that the offset-based casts are now dynamic
casts against a tracked pointer.

Some quick tests with DOMCount/DOMPrint against some quite large XML files are
running successfully. I have a lot of performance testing to do but will
probably check in the patch ahead of finishing it so I can get testing done
more easily on different systems.

If the dynamic casts ever fail, which they should not, I've raised
DOMExceptions to try and prevent any uncontrolled failures, but anything like
that would mean the DOM was just broken by the patch.

If we don't want to do this, then the alternative is to live with the casts. I
don't think there's a correct alternative to this without a total rewrite.

> Bad casting from DOMTextImpl to DOMElementImpl
> ----------------------------------------------
>
> Key: XERCESC-2088
> URL: https://issues.apache.org/jira/browse/XERCESC-2088
> Project: Xerces-C++
> Issue Type: Bug
> Components: DOM
> Affects Versions: 3.1.1, 3.1.2, 3.1.3, 3.1.4
> Environment: ubuntu 16.04 LTS, Intel(R) Core(TM) i7-6700 CPU @
> 3.40GHz, 16GB
> Reporter: Yuseok Jeon
> Assignee: Scott Cantor
> Fix For: 3.2.0
>
> Attachments: Actual_result.txt, casting.patch, relationship_tree.jpeg
>
>
> Hi all,
> Our recently developed type confusion detection tool reports a type_confusion
> error in the "xercesc/dom/imple/DOMCasts.hpp"
> xercesc/dom/imple/DOMCasts.hpp, line 146
> static inline DOMNodeImpl *castToNodeImpl(const DOMNode *p)
> {
>     DOMElementImpl *pE = (DOMElementImpl *)p;
>     return &(pE->fNode);
> }
> p is pointing to the object allocated as DOMTextImpl, and it is cast into
> DOMElementImpl. However, since DOMElementImpl is not a subobject of
> DOMTextImpl, it is violating C++ standard rules 5.2.9/11 (down casting is
> undefined if the object that the pointer to be cast points to is not a
> subobject of down casting type) and causes undefined behaviors.
> There are similar type-confusion cases at the links below.
> - (libstdc++) https://gcc.gnu.org/bugzilla/show_bug.cgi?id=60734
> - (Firefox) https://bugzilla.mozilla.org/show_bug.cgi?id=1074280
> I attached an actual type confusion report and object relationship
> information.
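
Added example (not part of the original message, casting.patch, or the Xerces-C++ code base): a simplified C++ model of the approach the comment describes, where interface classes expose the member objects and each member object keeps a backpointer to its container, so a wrong-type cast fails in a controlled way instead of reading at a guessed offset. All class and function names except castToNodeImpl are hypothetical, and std::logic_error stands in for the DOMException the patch raises.

```cpp
#include <stdexcept>

// Simplified model. All names except castToNodeImpl are hypothetical.
struct Node { virtual ~Node() = default; };   // public interface, like DOMNode

struct NodeImpl {                // shared member object, like fNode
    Node *owner;                 // backpointer to the containing object
    explicit NodeImpl(Node *o) : owner(o) {}
};
struct ParentImpl {              // member object only some node types have
    Node *owner;
    explicit ParentImpl(Node *o) : owner(o) {}
};

// Interfaces that expose the member objects instead of assuming their offset.
struct HasNodeImpl   { virtual NodeImpl *nodeImpl() = 0;     virtual ~HasNodeImpl() = default; };
struct HasParentImpl { virtual ParentImpl *parentImpl() = 0; virtual ~HasParentImpl() = default; };

struct TextNode : Node, HasNodeImpl {
    NodeImpl fNode;
    TextNode() : fNode(this) {}
    NodeImpl *nodeImpl() override { return &fNode; }
};
struct ElementNode : Node, HasNodeImpl, HasParentImpl {
    ParentImpl fParent;          // declared before fNode, so the layout differs from TextNode
    NodeImpl fNode;
    ElementNode() : fParent(this), fNode(this) {}
    NodeImpl *nodeImpl() override { return &fNode; }
    ParentImpl *parentImpl() override { return &fParent; }
};

// Checked replacements for the offset-based casts.
NodeImpl *castToNodeImpl(Node *p) {
    auto *h = dynamic_cast<HasNodeImpl *>(p);
    if (!h) throw std::logic_error("node does not expose a NodeImpl");
    return h->nodeImpl();
}
ParentImpl *castToParentImpl(Node *p) {
    auto *h = dynamic_cast<HasParentImpl *>(p);
    if (!h) throw std::logic_error("node does not expose a ParentImpl");
    return h->parentImpl();
}
Node *castToContainer(NodeImpl *n) { return n->owner; }

int main() {
    TextNode t;
    try { castToParentImpl(&t); } catch (const std::logic_error &) { return 0; }
    return 1;   // reached only if the wrong-type cast went unnoticed
}
```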