Chinaunix首页 | 论坛 | 博客
  • 博客访问: 6660366
  • 博文数量: 1159
  • 博客积分: 12444
  • 博客等级: 上将
  • 技术积分: 12570
  • 用 户 组: 普通用户
  • 注册时间: 2008-03-13 21:34
文章分类

全部博文(1159)

文章存档

2016年(126)

2015年(350)

2014年(56)

2013年(91)

2012年(182)

2011年(193)

2010年(138)

2009年(23)

分类: C/C++

2015-10-10 17:42:03

//break main.cpp:63
//break main.cpp:155
//break WAPI.cpp:72
//break bOSXMLHelper.cpp:40

//break PlatformUtils.hpp:813
//break MemoryManagerImpl.cpp:37
//break WorkflowListener.cpp:67

//break XMLString.hpp:1451
//break Hashers.hpp:47

//break RangeToken.cpp:335

//break XMLRangeFactory.cpp:113

//break XMLInitializer.cpp:51
//break XMLInitializer.cpp:62            // 调试到此处,停止
//break XMLInitializer.cpp:61            // 所以,进入到initializeDatatypeValidatorFactory()单步跟踪,使用s,不要用n

break IconvTransService.cpp:432        //找到了故障点(在这一行的)。
break IconvTransService.cpp:460        //估计是内存分配问题,比如 溢出

===================================================================
http://c-dev.xerces.apache.narkive.com/DWSpAHdF/xerces-trunk-on-openbsd-5-1
===================================================================
Post by Alberto Massari
Hi Simon,
it looks that libc in OpenBSD 5.1 is not obeying to the documentation for
wcsrtombs/mbsrtowcs.
If *d**s**t* is not a null pointer, the pointer object pointed to
by *s**r**c* is assigned either a null pointer (if conversion
stopped due to reaching a terminating null wide-character)
or the address just past the last wide-character converted
(if any).
Instead of hacking the code to try to detect whether the conversion
actually wrote a NULL character in the converted string, I chose to modify
the 'configure' script to detect this behaviour and disable the usage of
the re-entrant functions if it doesn't match how the Xerces code uses them.
Thank you for reporting this issue,
Alberto
---------------------------------------
Hi,
I wanted to try using xerces on openbsd 5.1.
unknow reason.
After reading the code, it turns out that the end of conversion by
wcsrtombs and mbsrtowcs is based on a test on source pointer (source
pointer should point on null character).
The problem is that this behaviour is not implemented. Source pointer
points on the character following the last converted character leading
xerces binary to a risky memory access.

Below, there is a patch based on values returned by the functions (-1 in
case of error, >= 0 in case of complete/incomplete conversion) that fixes
the problem.
Regards,
Simon Elbaz
$ svn diff xercesc/util/Transcoders/Iconv/IconvTransService.cpp
Index: xercesc/util/Transcoders/Iconv/IconvTransService.cpp
===================================================================
--- xercesc/util/Transcoders/Iconv/IconvTransService.cpp (revision
1387785)
+++ xercesc/util/Transcoders/Iconv/IconvTransService.cpp (working
copy)
@@ -429,7 +429,7 @@
srcBuffer[gTempBuffArraySize - 1] = 0;
const wchar_t *src = 0;
- while (toTranscode[srcCursor] || src)
+ while (toTranscode[srcCursor])
{
if (src == 0) // copy a piece of the source string into a local
// buffer, converted to wchar_t and NULL-terminated.
@@ -454,7 +454,7 @@
break;
}
dstCursor += len;
- if (src != 0) // conversion not finished. This *always* means there
+ if (len == (resultSize - dstCursor)) // conversion not finished.
This *always* means there
// was not enough room in the destination buffer.
{
reallocString<char>(resultString, resultSize, manager,
resultString != localBuffer);
@@ -512,9 +512,9 @@
break;
}
dstCursor += len;
- if (src == 0) // conversion finished
+ if ((len >= 0) && (len < (resultSize - dstCursor))) // conversion
finished
break;
- if (dstCursor >= resultSize - 1)
+ if (len == (resultSize - dstCursor))
reallocString<wchar_t>(tmpString, resultSize, manager,
tmpString != localBuffer);
}
===================================================================



阅读(890) | 评论(0) | 转发(0) |
给主人留下些什么吧!~~