swebb2066 commented on code in PR #470: URL: https://github.com/apache/logging-log4cxx/pull/470#discussion_r1938186348
########## src/main/cpp/optionconverter.cpp: ########## @@ -343,8 +343,13 @@ LevelPtr OptionConverter::toLevel(const LogString& value, try { - Level::LevelClass& levelClass = - (Level::LevelClass&)Loader::loadClass(clazz); + // Note: the dynamic_cast could fail across DLL boundaries. + // However, without the dynamic_cast a poorly formed XML file + // could attempt to load an invalid class as a filter, causing + // a crash. If it can't be converted, a std::bad_cast should be + // thrown(and caught by the exception handler below) + const Level::LevelClass& levelClass = + dynamic_cast<const Level::LevelClass&>(Loader::loadClass(clazz)); return levelClass.toLevel(levelName); } catch (ClassNotFoundException&)

Review Comment:
The final exception handler could be more specific to catch std::bad_cast, and I think it is always useful to include information in logged warnings.
```
catch (const std::exception& ex)
{
    LogLog::warn(
        LOG4CXX_STR("class [") + clazz +
        LOG4CXX_STR("], level [") + levelName +
        LOG4CXX_STR("] conversion failed."), ex);
}
```

--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscr...@logging.apache.org
For queries about this service, please contact Infrastructure at: us...@infra.apache.org
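Review bot: The added comment in `OptionConverter::toLevel` states that a failed cast is "caught by the exception handler below", but the only handler visible in this hunk is `catch (ClassNotFoundException&)`, which does not catch `std::bad_cast`. Please confirm that a later handler on this try block catches `std::exception`, or add an explicit `catch (const std::bad_cast&)` that logs `clazz`; otherwise the exception raised by a malformed configuration propagates out of `toLevel`. The comment also describes loading an invalid class "as a filter" although this code path converts a level, and "thrown(and" is missing a space.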