[
https://issues.apache.org/jira/browse/XERCESC-2105?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16077118#comment-16077118
]
Scott Cantor commented on XERCESC-2105:
---------------------------------------
I patched a few warnings that seemed tractable, but the remaining warnings are
intentional size_t / int narrowing that's obviously broken but not fixable
without larger redesigns of the API, which are known issues.
I included a couple of checks for overflow when the casts are done to at least
prevent some harm. I think XMLString is practically bounded to 32-bit signed
sizes but I guess that's understood.
> Review results of compile with -Wstrict-overflow
> ------------------------------------------------
>
> Key: XERCESC-2105
> URL: https://issues.apache.org/jira/browse/XERCESC-2105
> Project: Xerces-C++
> Issue Type: Task
> Reporter: Scott Cantor
> Assignee: Scott Cantor
> Fix For: 3.2.0
>
> Attachments: xerces-build.txt
>
>
> The code base has had a number of pointer/length overflow bugs, so I thought
> it would be a good idea to do a gcc build with -O2 -Wall -Wstrict-overflow=5
> to flag any cases where we're doing pointer math on potentially huge offset
> values that might overflow. This can defeat boundary checking because of
> compiler optimizations.
> Attaching a build on RH7 with the libtool commands altered to output the
> warnings for review.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
