https://sourceforge.net/p/tinyxml/bugs/Recent changes to bugsenTue, 16 Apr 2024 23:54:12 -0000https://sourceforge.net/p/tinyxml/bugs/121/?limit=25#195b<div class="markdown_content"><p>From <em>tinyxml.h</em>:</p> <div class="codehilite"><pre><span></span><code><span class="w"> </span><span class="o">/**</span><span class="w"> </span><span class="n">The</span><span class="w"> </span><span class="n">world</span><span class="w"> </span><span class="n">does</span><span class="w"> </span><span class="n">not</span><span class="w"> </span><span class="n">agree</span><span class="w"> </span><span class="n">on</span><span class="w"> </span><span class="n">whether</span><span class="w"> </span><span class="n">white</span><span class="w"> </span><span class="n">space</span><span class="w"> </span><span class="n">should</span><span class="w"> </span><span class="n">be</span><span class="w"> </span><span class="n">kept</span><span class="w"> </span><span class="nb">or</span> <span class="w"> </span><span class="n">not</span><span class="p">.</span><span class="w"> </span><span class="n">In</span><span class="w"> </span><span class="n">order</span><span class="w"> </span><span class="n">to</span><span class="w"> </span><span class="n">make</span><span class="w"> </span><span class="n">everyone</span><span class="w"> </span><span class="n">happy</span><span class="p">,</span><span class="w"> </span><span class="n">these</span><span class="w"> </span><span class="k">global</span><span class="p">,</span><span class="w"> </span><span class="k">static</span><span class="w"> </span><span class="n">functions</span> <span class="w"> </span><span class="n">are</span><span class="w"> </span><span class="n">provided</span><span class="w"> </span><span class="n">to</span><span class="w"> </span><span class="k">set</span><span class="w"> </span><span class="n">whether</span><span class="w"> </span><span class="nb">or</span><span class="w"> </span><span class="n">not</span><span class="w"> </span><span class="n">TinyXml</span><span class="w"> </span><span class="n">will</span><span class="w"> </span><span class="n">condense</span><span class="w"> </span><span class="n">all</span><span class="w"> </span><span class="n">white</span><span class="w"> </span><span class="n">space</span> <span class="w"> </span><span class="n">into</span><span class="w"> </span><span class="n">a</span><span class="w"> </span><span class="n">single</span><span class="w"> </span><span class="n">space</span><span class="w"> </span><span class="nb">or</span><span class="w"> </span><span class="n">not</span><span class="p">.</span><span class="w"> </span><span class="n">The</span><span class="w"> </span><span class="n">default</span><span class="w"> </span><span class="n">is</span><span class="w"> </span><span class="n">to</span><span class="w"> </span><span class="n">condense</span><span class="p">.</span><span class="w"> </span><span class="n">Note</span><span class="w"> </span><span class="n">changing</span><span class="w"> </span><span class="n">this</span> <span class="w"> </span><span class="n">value</span><span class="w"> </span><span class="n">is</span><span class="w"> </span><span class="n">not</span><span class="w"> </span><span class="n">thread</span><span class="w"> </span><span class="n">safe</span><span class="p">.</span> <span class="w"> </span><span class="o">*/</span> </code></pre></div> <p>So please read the documentation and consider using <em>SetCondenseWhiteSpace</em> to fix this "unexpected" behavior. Please close the issue <strong>unless</strong> the suggestion doesn't cover your use-case/behavior.</p></div>Helder "Lthere" MagalhãesTue, 16 Apr 2024 23:54:12 -0000https://sourceforge.net0effbf3ed2b844f6d3fe41b0bc36a18cad92ff84https://sourceforge.net/p/tinyxml/bugs/142/<div class="markdown_content"><p>This vulnerability is caused by the following code:</p> <div class="codehilite"><pre><span></span><span class="nb nb-Type">bool</span> <span class="n">TiXmlBase</span><span class="p">::</span><span class="n">StringEqual</span><span class="p">(</span> <span class="k">const</span> <span class="nb">char</span><span class="o">*</span> <span class="n">p</span><span class="p">,</span> <span class="k">const</span> <span class="nb">char</span><span class="o">*</span> <span class="n">tag</span><span class="p">,</span> <span class="nb nb-Type">bool</span> <span class="n">ignoreCase</span><span class="p">,</span> <span class="n">TiXmlEncoding</span> <span class="n">encoding</span> <span class="p">)</span> <span class="p">{</span> <span class="nb">assert</span><span class="p">(</span> <span class="n">p</span> <span class="p">);</span> <span class="nb">assert</span><span class="p">(</span> <span class="n">tag</span> <span class="p">);</span> <span class="k">if</span> <span class="p">(</span> <span class="o">!</span><span class="n">p</span> <span class="o">||</span> <span class="o">!*</span><span class="n">p</span> <span class="p">)</span> <span class="p">{</span> <span class="nb">assert</span><span class="p">(</span> <span class="mi">0</span> <span class="p">);</span> <span class="k">return</span> <span class="bp">false</span><span class="p">;</span> <span class="p">}</span> </pre></div> <p>My program for testing:</p> <div class="codehilite"><pre><span></span><span class="cp">#include</span> <span class="cpf">"tinyxml.h"</span><span class="cp"></span> <span class="cp">#include</span> <span class="cpf">&lt;stdlib.h&gt;</span><span class="cp"></span> <span class="cp">#include</span> <span class="cpf">&lt;string&gt;</span><span class="cp"></span> <span class="kr">int</span> <span class="nf">main</span><span class="p">(</span><span class="kr">int</span> <span class="n">argc</span><span class="p">,</span> <span class="kr">char</span><span class="o">*</span><span class="n">argv</span><span class="p">[]){</span> <span class="kr">char</span> <span class="n">buf</span><span class="p">[</span><span class="mi">10240</span><span class="p">];</span> <span class="k">if</span><span class="p">(</span><span class="n">argc</span> <span class="o">&lt;</span> <span class="mi">2</span><span class="p">){</span> <span class="n">printf</span><span class="p">(</span><span class="s">"args error</span><span class="se">\n</span><span class="s">"</span><span class="p">);</span> <span class="k">return</span> <span class="mi">0</span><span class="p">;</span> <span class="p">}</span> <span class="kt">FILE</span> <span class="o">*</span><span class="n">f</span> <span class="o">=</span> <span class="n">fopen</span><span class="p">(</span><span class="n">argv</span><span class="p">[</span><span class="mi">1</span><span class="p">],</span> <span class="s">"rb"</span><span class="p">);</span> <span class="kt">size_t</span> <span class="n">len</span> <span class="o">=</span> <span class="n">fread</span><span class="p">(</span><span class="n">buf</span><span class="p">,</span> <span class="mi">1</span><span class="p">,</span> <span class="kr">sizeof</span><span class="p">(</span><span class="n">buf</span><span class="p">),</span> <span class="n">f</span><span class="p">);</span> <span class="n">std</span><span class="o">::</span><span class="kr">string</span> <span class="n">s</span><span class="p">(</span><span class="n">buf</span><span class="p">,</span> <span class="kr">sizeof</span><span class="p">(</span><span class="n">buf</span><span class="p">));</span> <span class="n">TiXmlDocument</span> <span class="n">doc</span><span class="p">;</span> <span class="n">doc</span><span class="p">.</span><span class="n">Parse</span><span class="p">(</span><span class="n">s</span><span class="p">.</span><span class="n">c_str</span><span class="p">());</span> <span class="n">fclose</span><span class="p">(</span><span class="n">f</span><span class="p">);</span> <span class="k">return</span> <span class="mi">0</span><span class="p">;</span> <span class="p">}</span> </pre></div> <p>Result:</p> <div class="codehilite"><pre><span></span><span class="n">test_input</span><span class="o">:</span> <span class="n">tinyxmlparser</span><span class="o">.</span><span class="na">cpp</span><span class="o">:</span><span class="mi">543</span><span class="o">:</span> <span class="kd">static</span> <span class="n">bool</span> <span class="n">TiXmlBase</span><span class="o">::</span><span class="n">StringEqual</span><span class="o">(</span><span class="kd">const</span> <span class="n">char</span> <span class="o">*,</span> <span class="kd">const</span> <span class="n">char</span> <span class="o">*,</span> <span class="n">bool</span><span class="o">,</span> <span class="n">TiXmlEncoding</span><span class="o">):</span> <span class="n">Assertion</span> <span class="err">`</span><span class="mi">0</span><span class="err">'</span> <span class="n">failed</span><span class="o">.</span> <span class="o">[</span><span class="mi">1</span><span class="o">]</span> <span class="mi">1843</span> <span class="n">abort</span> <span class="o">./</span><span class="n">test_input</span> <span class="n">minimized_crash</span> </pre></div> <p>And I use libfuzzer to get more detailed output:</p> <div class="codehilite"><pre><span></span><span class="n">harness2</span><span class="o">:</span> <span class="n">tinyxmlparser</span><span class="o">.</span><span class="na">cpp</span><span class="o">:</span><span class="mi">543</span><span class="o">:</span> <span class="kd">static</span> <span class="n">bool</span> <span class="n">TiXmlBase</span><span class="o">::</span><span class="n">StringEqual</span><span class="o">(</span><span class="kd">const</span> <span class="n">char</span> <span class="o">*,</span> <span class="kd">const</span> <span class="n">char</span> <span class="o">*,</span> <span class="n">bool</span><span class="o">,</span> <span class="n">TiXmlEncoding</span><span class="o">):</span> <span class="n">Assertion</span> <span class="err">`</span><span class="mi">0</span><span class="err">'</span> <span class="n">failed</span><span class="o">.</span> <span class="o">==</span><span class="mi">1849</span><span class="o">==</span> <span class="n">ERROR</span><span class="o">:</span> <span class="n">libFuzzer</span><span class="o">:</span> <span class="n">deadly</span> <span class="n">signal</span> <span class="err">#</span><span class="mi">0</span> <span class="mh">0x527e41</span> <span class="k">in</span> <span class="n">__sanitizer_print_stack_trace</span> <span class="o">(/</span><span class="n">home</span><span class="sr">/presler/fuzzing/tinyxml/</span><span class="n">harness2</span><span class="o">+</span><span class="mh">0x527e41</span><span class="o">)</span> <span class="err">#</span><span class="mi">1</span> <span class="mh">0x472f98</span> <span class="k">in</span> <span class="n">fuzzer</span><span class="o">::</span><span class="n">PrintStackTrace</span><span class="o">()</span> <span class="o">(/</span><span class="n">home</span><span class="sr">/presler/fuzzing/tinyxml/</span><span class="n">harness2</span><span class="o">+</span><span class="mh">0x472f98</span><span class="o">)</span> <span class="err">#</span><span class="mi">2</span> <span class="mh">0x4580e3</span> <span class="k">in</span> <span class="n">fuzzer</span><span class="o">::</span><span class="n">Fuzzer</span><span class="o">::</span><span class="n">CrashCallback</span><span class="o">()</span> <span class="o">(/</span><span class="n">home</span><span class="sr">/presler/fuzzing/tinyxml/</span><span class="n">harness2</span><span class="o">+</span><span class="mh">0x4580e3</span><span class="o">)</span> <span class="err">#</span><span class="mi">3</span> <span class="mh">0x7f07d48103bf</span> <span class="o">(/</span><span class="n">lib</span><span class="sr">/x86_64-linux-gnu/</span><span class="n">libpthread</span><span class="o">.</span><span class="na">so</span><span class="o">.</span><span class="mi">0</span><span class="o">+</span><span class="mh">0x153bf</span><span class="o">)</span> <span class="err">#</span><span class="mi">4</span> <span class="mh">0x7f07d462118a</span> <span class="k">in</span> <span class="n">__libc_signal_restore_set</span> <span class="sr">/build/glibc-eX1tMB/glibc-2.31/signal/../sysdeps/unix/sysv/linux/i</span><span class="n">nternal</span><span class="o">-</span><span class="n">signals</span><span class="o">.</span><span class="na">h</span><span class="o">:</span><span class="mi">86</span><span class="o">:</span><span class="mi">3</span> <span class="err">#</span><span class="mi">5</span> <span class="mh">0x7f07d462118a</span> <span class="k">in</span> <span class="n">raise</span> <span class="sr">/build/glibc-eX1tMB/glibc-2.31/signal/../sysdeps/unix/sysv/linux/</span><span class="n">raise</span><span class="o">.</span><span class="na">c</span><span class="o">:</span><span class="mi">48</span><span class="o">:</span><span class="mi">3</span> <span class="err">#</span><span class="mi">6</span> <span class="mh">0x7f07d4600858</span> <span class="k">in</span> <span class="n">abort</span> <span class="sr">/build/glibc-eX1tMB/glibc-2.31/stdlib/</span><span class="n">abort</span><span class="o">.</span><span class="na">c</span><span class="o">:</span><span class="mi">79</span><span class="o">:</span><span class="mi">7</span> <span class="err">#</span><span class="mi">7</span> <span class="mh">0x7f07d4600728</span> <span class="k">in</span> <span class="n">__assert_fail_base</span> <span class="sr">/build/glibc-eX1tMB/glibc-2.31/assert/</span><span class="n">assert</span><span class="o">.</span><span class="na">c</span><span class="o">:</span><span class="mi">92</span><span class="o">:</span><span class="mi">3</span> <span class="err">#</span><span class="mi">8</span> <span class="mh">0x7f07d4611f35</span> <span class="k">in</span> <span class="n">__assert_fail</span> <span class="sr">/build/glibc-eX1tMB/glibc-2.31/assert/</span><span class="n">assert</span><span class="o">.</span><span class="na">c</span><span class="o">:</span><span class="mi">101</span><span class="o">:</span><span class="mi">3</span> <span class="err">#</span><span class="mi">9</span> <span class="mh">0x558e38</span> <span class="k">in</span> <span class="n">TiXmlBase</span><span class="o">::</span><span class="n">StringEqual</span><span class="o">(</span><span class="n">char</span> <span class="kd">const</span><span class="o">*,</span> <span class="n">char</span> <span class="kd">const</span><span class="o">*,</span> <span class="n">bool</span><span class="o">,</span> <span class="n">TiXmlEncoding</span><span class="o">)</span> <span class="sr">/home/presler/fuzzing/tinyxml/</span><span class="n">tinyxmlparser</span><span class="o">.</span><span class="na">cpp</span><span class="o">:</span><span class="mi">543</span><span class="o">:</span><span class="mi">3</span> <span class="err">#</span><span class="mi">10</span> <span class="mh">0x55b25c</span> <span class="k">in</span> <span class="n">TiXmlDeclaration</span><span class="o">::</span><span class="n">Parse</span><span class="o">(</span><span class="n">char</span> <span class="kd">const</span><span class="o">*,</span> <span class="n">TiXmlParsingData</span><span class="o">*,</span> <span class="n">TiXmlEncoding</span><span class="o">)</span> <span class="sr">/home/presler/fuzzing/tinyxml/</span><span class="n">tinyxmlparser</span><span class="o">.</span><span class="na">cpp</span><span class="o">:</span><span class="mi">1603</span><span class="o">:</span><span class="mi">8</span> <span class="err">#</span><span class="mi">11</span> <span class="mh">0x55a4bc</span> <span class="k">in</span> <span class="n">TiXmlElement</span><span class="o">::</span><span class="n">ReadValue</span><span class="o">(</span><span class="n">char</span> <span class="kd">const</span><span class="o">*,</span> <span class="n">TiXmlParsingData</span><span class="o">*,</span> <span class="n">TiXmlEncoding</span><span class="o">)</span> <span class="sr">/home/presler/fuzzing/tinyxml/</span><span class="n">tinyxmlparser</span><span class="o">.</span><span class="na">cpp</span><span class="o">:</span><span class="mi">1229</span><span class="o">:</span><span class="mi">16</span> <span class="err">#</span><span class="mi">12</span> <span class="mh">0x559e3a</span> <span class="k">in</span> <span class="n">TiXmlElement</span><span class="o">::</span><span class="n">Parse</span><span class="o">(</span><span class="n">char</span> <span class="kd">const</span><span class="o">*,</span> <span class="n">TiXmlParsingData</span><span class="o">*,</span> <span class="n">TiXmlEncoding</span><span class="o">)</span> <span class="sr">/home/presler/fuzzing/tinyxml/</span><span class="n">tinyxmlparser</span><span class="o">.</span><span class="na">cpp</span><span class="o">:</span><span class="mi">1109</span><span class="o">:</span><span class="mi">8</span> <span class="err">#</span><span class="mi">13</span> <span class="mh">0x55949a</span> <span class="k">in</span> <span class="n">TiXmlDocument</span><span class="o">::</span><span class="n">Parse</span><span class="o">(</span><span class="n">char</span> <span class="kd">const</span><span class="o">*,</span> <span class="n">TiXmlParsingData</span><span class="o">*,</span> <span class="n">TiXmlEncoding</span><span class="o">)</span> <span class="sr">/home/presler/fuzzing/tinyxml/</span><span class="n">tinyxmlparser</span><span class="o">.</span><span class="na">cpp</span><span class="o">:</span><span class="mi">759</span><span class="o">:</span><span class="mi">14</span> <span class="err">#</span><span class="mi">14</span> <span class="mh">0x551699</span> <span class="k">in</span> <span class="n">LLVMFuzzerTestOneInput</span> <span class="sr">/home/presler/fuzzing/tinyxml/</span><span class="n">harness2</span><span class="o">.</span><span class="na">cpp</span><span class="o">:</span><span class="mi">17</span><span class="o">:</span><span class="mi">9</span> <span class="err">#</span><span class="mi">15</span> <span class="mh">0x4597a1</span> <span class="k">in</span> <span class="n">fuzzer</span><span class="o">::</span><span class="n">Fuzzer</span><span class="o">::</span><span class="n">ExecuteCallback</span><span class="o">(</span><span class="n">unsigned</span> <span class="n">char</span> <span class="kd">const</span><span class="o">*,</span> <span class="n">unsigned</span> <span class="n">long</span><span class="o">)</span> <span class="o">(/</span><span class="n">home</span><span class="sr">/presler/fuzzing/tinyxml/</span><span class="n">harness2</span><span class="o">+</span><span class="mh">0x4597a1</span><span class="o">)</span> <span class="err">#</span><span class="mi">16</span> <span class="mh">0x444f12</span> <span class="k">in</span> <span class="n">fuzzer</span><span class="o">::</span><span class="n">RunOneTest</span><span class="o">(</span><span class="n">fuzzer</span><span class="o">::</span><span class="n">Fuzzer</span><span class="o">*,</span> <span class="n">char</span> <span class="kd">const</span><span class="o">*,</span> <span class="n">unsigned</span> <span class="n">long</span><span class="o">)</span> <span class="o">(/</span><span class="n">home</span><span class="sr">/presler/fuzzing/tinyxml/</span><span class="n">harness2</span><span class="o">+</span><span class="mh">0x444f12</span><span class="o">)</span> <span class="err">#</span><span class="mi">17</span> <span class="mh">0x44a9c6</span> <span class="k">in</span> <span class="n">fuzzer</span><span class="o">::</span><span class="n">FuzzerDriver</span><span class="o">(</span><span class="n">int</span><span class="o">*,</span> <span class="n">char</span><span class="o">***,</span> <span class="n">int</span> <span class="o">(*)(</span><span class="n">unsigned</span> <span class="n">char</span> <span class="kd">const</span><span class="o">*,</span> <span class="n">unsigned</span> <span class="n">long</span><span class="o">))</span> <span class="o">(/</span><span class="n">home</span><span class="sr">/presler/fuzzing/tinyxml/</span><span class="n">harness2</span><span class="o">+</span><span class="mh">0x44a9c6</span><span class="o">)</span> <span class="err">#</span><span class="mi">18</span> <span class="mh">0x473682</span> <span class="k">in</span> <span class="n">main</span> <span class="o">(/</span><span class="n">home</span><span class="sr">/presler/fuzzing/tinyxml/</span><span class="n">harness2</span><span class="o">+</span><span class="mh">0x473682</span><span class="o">)</span> <span class="err">#</span><span class="mi">19</span> <span class="mh">0x7f07d46020b2</span> <span class="k">in</span> <span class="n">__libc_start_main</span> <span class="sr">/build/glibc-eX1tMB/glibc-2.31/csu/../csu/</span><span class="n">libc</span><span class="o">-</span><span class="n">start</span><span class="o">.</span><span class="na">c</span><span class="o">:</span><span class="mi">308</span><span class="o">:</span><span class="mi">16</span> <span class="err">#</span><span class="mi">20</span> <span class="mh">0x41f5dd</span> <span class="k">in</span> <span class="n">_start</span> <span class="o">(/</span><span class="n">home</span><span class="sr">/presler/fuzzing/tinyxml/</span><span class="n">harness2</span><span class="o">+</span><span class="mh">0x41f5dd</span><span class="o">)</span> <span class="n">NOTE</span><span class="o">:</span> <span class="n">libFuzzer</span> <span class="n">has</span> <span class="n">rudimentary</span> <span class="n">signal</span> <span class="n">handlers</span><span class="o">.</span> <span class="n">Combine</span> <span class="n">libFuzzer</span> <span class="k">with</span> <span class="n">AddressSanitizer</span> <span class="n">or</span> <span class="n">similar</span> <span class="k">for</span> <span class="n">better</span> <span class="n">crash</span> <span class="n">reports</span><span class="o">.</span> <span class="n">SUMMARY</span><span class="o">:</span> <span class="n">libFuzzer</span><span class="o">:</span> <span class="n">deadly</span> <span class="n">signal</span> </pre></div> <p>Test case also was attached</p></div>NikitaMon, 17 Jan 2022 09:09:33 -0000https://sourceforge.net85ae4b17450ea72847d2c83e5e2194475b50e9f0https://sourceforge.net/p/tinyxml/bugs/141/?limit=25#efaf<div class="markdown_content"><p><code>\xef\0</code> can cause TiXmlParsingData::Stamp loop forever, so that I think this can be described as DoS </p></div>Wang ZhongTue, 14 Sep 2021 13:44:56 -0000https://sourceforge.net00f6cee5597485587994497eee9d844db1a95961https://sourceforge.net/p/tinyxml/bugs/141/<div class="markdown_content"><p>This vulnerability is caused by the following code(tinyxmlparser.cpp#212L) which has no op to <code>p</code></p> <div class="codehilite"><pre><span></span><span class="k">while</span> <span class="p">(</span> <span class="n">p</span> <span class="o">&lt;</span> <span class="n">now</span> <span class="p">)</span> <span class="p">{</span> <span class="o">//</span> <span class="n">Treat</span> <span class="n">p</span> <span class="k">as</span> <span class="n">unsigned</span><span class="p">,</span> <span class="n">so</span> <span class="n">we</span> <span class="n">have</span> <span class="n">a</span> <span class="n">happy</span> <span class="n">compiler</span><span class="o">.</span> <span class="k">const</span> <span class="n">unsigned</span> <span class="nb">char</span><span class="o">*</span> <span class="n">pU</span> <span class="o">=</span> <span class="p">(</span><span class="k">const</span> <span class="n">unsigned</span> <span class="nb">char</span><span class="o">*</span><span class="p">)</span><span class="n">p</span><span class="p">;</span> <span class="o">//</span> <span class="n">Code</span> <span class="n">contributed</span> <span class="n">by</span> <span class="n">Fletcher</span> <span class="n">Dunn</span><span class="p">:</span> <span class="p">(</span><span class="n">modified</span> <span class="n">by</span> <span class="n">lee</span><span class="p">)</span> <span class="n">switch</span> <span class="p">(</span><span class="o">*</span><span class="n">pU</span><span class="p">)</span> <span class="p">{</span> <span class="o">//</span> <span class="o">...</span> <span class="n">case</span> <span class="n">TIXML_UTF_LEAD_0</span><span class="p">:</span> <span class="k">if</span> <span class="p">(</span> <span class="n">encoding</span> <span class="o">==</span> <span class="n">TIXML_ENCODING_UTF8</span> <span class="p">)</span> <span class="p">{</span> <span class="k">if</span> <span class="p">(</span> <span class="o">*</span><span class="p">(</span><span class="n">p</span><span class="o">+</span><span class="mi">1</span><span class="p">)</span> <span class="o">&amp;&amp;</span> <span class="o">*</span><span class="p">(</span><span class="n">p</span><span class="o">+</span><span class="mi">2</span><span class="p">)</span> <span class="p">)</span> <span class="p">{</span> <span class="o">//</span> <span class="n">In</span> <span class="n">these</span> <span class="n">cases</span><span class="p">,</span> <span class="n">don</span><span class="s1">'t advance the column. These are</span> <span class="o">//</span> <span class="mi">0</span><span class="o">-</span><span class="n">width</span> <span class="n">spaces</span><span class="o">.</span> <span class="k">if</span> <span class="p">(</span> <span class="o">*</span><span class="p">(</span><span class="n">pU</span><span class="o">+</span><span class="mi">1</span><span class="p">)</span><span class="o">==</span><span class="n">TIXML_UTF_LEAD_1</span> <span class="o">&amp;&amp;</span> <span class="o">*</span><span class="p">(</span><span class="n">pU</span><span class="o">+</span><span class="mi">2</span><span class="p">)</span><span class="o">==</span><span class="n">TIXML_UTF_LEAD_2</span> <span class="p">)</span> <span class="n">p</span> <span class="o">+=</span> <span class="mi">3</span><span class="p">;</span> <span class="k">else</span> <span class="k">if</span> <span class="p">(</span> <span class="o">*</span><span class="p">(</span><span class="n">pU</span><span class="o">+</span><span class="mi">1</span><span class="p">)</span><span class="o">==</span><span class="mh">0xbf</span><span class="n">U</span> <span class="o">&amp;&amp;</span> <span class="o">*</span><span class="p">(</span><span class="n">pU</span><span class="o">+</span><span class="mi">2</span><span class="p">)</span><span class="o">==</span><span class="mh">0xbe</span><span class="n">U</span> <span class="p">)</span> <span class="n">p</span> <span class="o">+=</span> <span class="mi">3</span><span class="p">;</span> <span class="k">else</span> <span class="k">if</span> <span class="p">(</span> <span class="o">*</span><span class="p">(</span><span class="n">pU</span><span class="o">+</span><span class="mi">1</span><span class="p">)</span><span class="o">==</span><span class="mh">0xbf</span><span class="n">U</span> <span class="o">&amp;&amp;</span> <span class="o">*</span><span class="p">(</span><span class="n">pU</span><span class="o">+</span><span class="mi">2</span><span class="p">)</span><span class="o">==</span><span class="mh">0xbf</span><span class="n">U</span> <span class="p">)</span> <span class="n">p</span> <span class="o">+=</span> <span class="mi">3</span><span class="p">;</span> <span class="k">else</span> <span class="p">{</span> <span class="n">p</span> <span class="o">+=</span><span class="mi">3</span><span class="p">;</span> <span class="o">++</span><span class="n">col</span><span class="p">;</span> <span class="p">}</span> <span class="o">//</span> <span class="n">A</span> <span class="n">normal</span> <span class="n">character</span><span class="o">.</span> <span class="p">}</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="o">++</span><span class="n">p</span><span class="p">;</span> <span class="o">++</span><span class="n">col</span><span class="p">;</span> <span class="p">}</span> <span class="k">break</span><span class="p">;</span> <span class="o">//</span> <span class="o">...</span> <span class="p">}</span> <span class="p">}</span> </pre></div> <p>My test program:</p> <div class="codehilite"><pre><span></span><span class="cp">#include</span> <span class="cpf">"tinyxml.h"</span><span class="cp"></span> <span class="cp">#include</span> <span class="cpf">&lt;stdio.h&gt;</span><span class="cp"></span> <span class="cp">#include</span> <span class="cpf">&lt;stdlib.h&gt;</span><span class="cp"></span> <span class="cp">#include</span> <span class="cpf">&lt;unistd.h&gt;</span><span class="cp"></span> <span class="cp">#include</span> <span class="cpf">&lt;fcntl.h&gt;</span><span class="cp"></span> <span class="kt">int</span> <span class="nf">main</span><span class="p">(</span><span class="kt">int</span> <span class="n">argc</span><span class="p">,</span> <span class="kt">char</span><span class="o">*</span><span class="n">argv</span><span class="p">[]){</span> <span class="k">if</span><span class="p">(</span><span class="n">argc</span> <span class="o">&lt;</span> <span class="mi">2</span><span class="p">){</span> <span class="n">printf</span><span class="p">(</span><span class="s">"args error</span><span class="se">\n</span><span class="s">"</span><span class="p">);</span> <span class="k">return</span> <span class="mi">0</span><span class="p">;</span> <span class="p">}</span> <span class="kt">int</span> <span class="n">fd</span> <span class="o">=</span> <span class="n">open</span><span class="p">(</span><span class="n">argv</span><span class="p">[</span><span class="mi">1</span><span class="p">],</span> <span class="n">O_RDWR</span> <span class="o">|</span> <span class="n">O_APPEND</span><span class="p">);</span> <span class="k">if</span><span class="p">(</span><span class="o">!</span><span class="n">fd</span><span class="p">){</span> <span class="n">printf</span><span class="p">(</span><span class="s">"open failed</span><span class="se">\n</span><span class="s">"</span><span class="p">);</span> <span class="k">return</span> <span class="mi">-1</span><span class="p">;</span> <span class="p">}</span> <span class="kt">int</span> <span class="n">bytes</span> <span class="o">=</span> <span class="mi">1024</span> <span class="o">*</span> <span class="mi">1024</span><span class="p">;</span> <span class="kt">char</span> <span class="o">*</span><span class="n">buffer</span> <span class="o">=</span> <span class="p">(</span><span class="kt">char</span><span class="o">*</span><span class="p">)</span><span class="n">malloc</span><span class="p">(</span><span class="n">bytes</span><span class="p">);</span> <span class="kt">int</span> <span class="n">n</span> <span class="o">=</span> <span class="n">read</span><span class="p">(</span><span class="n">fd</span><span class="p">,</span> <span class="n">buffer</span><span class="p">,</span> <span class="n">bytes</span><span class="mi">-1</span><span class="p">);</span> <span class="n">printf</span><span class="p">(</span><span class="s">"read %d bytes</span><span class="se">\n</span><span class="s">"</span><span class="p">,</span> <span class="n">n</span><span class="p">);</span> <span class="n">TiXmlDocument</span> <span class="n">doc</span><span class="p">;</span> <span class="n">doc</span><span class="p">.</span><span class="n">Parse</span><span class="p">(</span><span class="n">buffer</span><span class="p">);</span> <span class="n">close</span><span class="p">(</span><span class="n">fd</span><span class="p">);</span> <span class="n">free</span><span class="p">(</span><span class="n">buffer</span><span class="p">);</span> <span class="k">return</span> <span class="mi">0</span><span class="p">;</span> <span class="p">}</span> </pre></div> <div class="codehilite"><pre><span></span>./harness ./test_case </pre></div> <p>And my test case is in the attachment</p></div>Wang ZhongTue, 14 Sep 2021 13:41:07 -0000https://sourceforge.net7b5e84638a58c470fba97f983187cd980ceb4655https://sourceforge.net/p/tinyxml/bugs/140/<div class="markdown_content"><p>In case of giving string for parsing XML, if there is an "unclosed" element like "&lt;xml search="" "="" for="" parser="" will="" the=""&gt;" . While searching, the parser skipps the whitespase with function TiXmlBase::SkipWhiteSpace( const char* p, TiXmlEncoding encoding )&lt;/xml&gt;</p> <p><code>while ( *p &amp;&amp; IsWhiteSpace( *p ) ) ++p;</code></p> <p>in the 358 line of this fuction, the cursor reaches outsite the memory of the input string. This causes the address sanitizer.</p> <p>In case of file input for pasring, everything is ok because the memory is locate 1 byte larger than the size of file.</p></div>Tran Chi ThienSun, 01 Mar 2020 08:24:11 -0000https://sourceforge.net6a4b317cc3b4e961faf08226bb779043e07e40bfhttps://sourceforge.net/p/tinyxml/bugs/112/?limit=25#7c7f<div class="markdown_content"><p>Hello!</p> <p>I am trying to build an xml message where some tags need to have a value that includes CR LF chars. </p> <p>I have made the patch change in ReadValue function and I have the following: </p> <div class="codehilite"><pre><span></span><span class="nt">TiXmlDocument</span> <span class="nt">XMLdoc</span><span class="o">;</span> <span class="nt">TiXmlPrinter</span> <span class="nt">XMLprinter</span><span class="o">;</span> <span class="nt">TiXmlElement</span> <span class="o">*</span><span class="nt">pRoot</span><span class="o">,</span> <span class="o">*</span><span class="nt">pData</span><span class="o">;</span> <span class="nt">TiXmlText</span> <span class="o">*</span><span class="nt">pText</span><span class="o">;</span> <span class="nt">char</span> <span class="nt">XMLBuffer</span><span class="cp">[</span><span class="mi">624</span><span class="cp">]</span> <span class="o">=</span> <span class="p">{</span> <span class="err">0</span> <span class="p">}</span><span class="o">;</span> <span class="nt">TiXmlBase</span><span class="p">::</span><span class="nd">SetCondenseWhiteSpace</span><span class="o">(</span><span class="nt">false</span><span class="o">);</span> <span class="nt">pRoot</span> <span class="o">=</span> <span class="nt">new</span> <span class="nt">TiXmlElement</span><span class="o">(</span><span class="s2">"MyTest"</span><span class="o">);</span> <span class="nt">XMLdoc</span><span class="p">.</span><span class="nc">LinkEndChild</span><span class="o">(</span><span class="nt">pRoot</span><span class="o">);</span> <span class="nt">pData</span> <span class="o">=</span> <span class="nt">new</span> <span class="nt">TiXmlElement</span><span class="o">(</span><span class="s2">"MyTag"</span><span class="o">);</span> <span class="o">//</span> <span class="nt">Tag</span> <span class="nt">Content</span> <span class="nt">char</span> <span class="nt">receipt_line</span><span class="cp">[</span><span class="mi">512</span><span class="cp">]</span> <span class="o">=</span> <span class="p">{</span> <span class="err">0</span> <span class="p">}</span><span class="o">;</span> <span class="nt">strcpy</span><span class="o">(</span><span class="nt">receipt_line</span><span class="o">,</span> <span class="s2">"this is line 1"</span><span class="o">);</span> <span class="nt">strcat</span><span class="o">(</span><span class="nt">receipt_line</span><span class="o">,</span> <span class="o">(</span><span class="s2">"\x0D\x0A"</span><span class="o">);</span> <span class="nt">strcat</span><span class="o">(</span><span class="nt">receipt_line</span><span class="o">,</span> <span class="s2">"this is line 2"</span><span class="o">);</span> <span class="nt">pText</span> <span class="o">=</span> <span class="nt">new</span> <span class="nt">TiXmlText</span><span class="o">(</span><span class="nt">receipt_line</span><span class="o">);</span> <span class="nt">pData-</span><span class="o">&gt;</span><span class="nt">LinkEndChild</span><span class="o">(</span><span class="nt">pText</span><span class="o">);</span> <span class="nt">pRoot-</span><span class="o">&gt;</span><span class="nt">LinkEndChild</span><span class="o">(</span><span class="nt">pData</span><span class="o">);</span> <span class="c">/* Save XML to buffer */</span> <span class="nt">XMLprinter</span><span class="p">.</span><span class="nc">SetIndent</span><span class="o">(</span><span class="s2">" "</span><span class="o">);</span> <span class="nt">XMLprinter</span><span class="p">.</span><span class="nc">SetLineBreak</span><span class="o">(</span><span class="s2">"\x0D\x0A"</span><span class="o">);</span> <span class="nt">XMLdoc</span><span class="p">.</span><span class="nc">Accept</span><span class="o">(&amp;</span><span class="nt">XMLprinter</span><span class="o">);</span> <span class="nt">strncpy</span><span class="o">(</span><span class="nt">XMLBuffer</span><span class="o">,</span> <span class="nt">XMLprinter</span><span class="p">.</span><span class="nc">CStr</span><span class="o">(),</span> <span class="nt">sizeof</span><span class="o">(</span><span class="nt">XMLBuffer</span><span class="o">)</span> <span class="nt">-</span> <span class="nt">1</span><span class="o">);</span> <span class="nt">XMLdoc</span><span class="p">.</span><span class="nc">SaveFile</span><span class="o">(</span><span class="s2">"text.xml"</span><span class="o">);</span> <span class="nt">--</span> <span class="nt">What</span> <span class="nt">happens</span> <span class="nt">in</span> <span class="nt">the</span> <span class="nt">output</span> <span class="nt">file</span> <span class="nt">is</span> <span class="nt">the</span> <span class="nt">following</span><span class="o">:</span> </pre></div> <p>&lt;mytest&gt;<br/> &lt;mytag&gt;this is line 1 this is line 2&lt;/mytag&gt;<br/> &lt;/mytest&gt;</p> <p>The \r\n characters within the tag value are transformed into , while they exist at the end of each line above. <br/> I have also tried to add these characters in the tag value as follows: <br/> "\r\n"<br/> " "<br/> "0x0D0x0A"<br/> " "</p> <p>No success so far! <br/> I also added the second patch proposed here, still same result. <br/> Any help would be greatly appreciated! </p> <p>Thank you!</p></div>Gina GorgogThu, 12 Dec 2019 11:27:58 -0000https://sourceforge.netf6efe8d297f3609924f2b8f147fd61fe1f14758ahttps://sourceforge.net/p/tinyxml/bugs/139/<div class="markdown_content"><p>XMLPrinter::ClearBuffer sets _ firstElement to true. That leads to the suppression of linebreaks in successive uses of XMLPrinter.</p> <p>This is relevant when buffering the output of XMLPrinter. In detail: The only way to make XMLPrinter write to an std::ostream while not keeping the entire document in memory is to regularly flush the contents of XMLPrinter::CStr() to the ostream - even when only halfway through the document - followed by a call to XMLPrinter::ClearBuffer().</p> <p>The solution is to remove the line setting "firstElement = true" in XMLPrinter::ClearBuffer. I'm happy to provide a pull request if you point me to where I can do that.</p></div>Stephan FriedrichsTue, 05 Mar 2019 22:27:54 -0000https://sourceforge.net6a86ed932b555353ad0d5293aee7eae80949d166https://sourceforge.net/p/tinyxml/bugs/137/?limit=25#60df<div class="markdown_content"><p>Please try:</p> <hr/> <div class="codehilite"><pre><span></span>TiXmlDocument doc1; const char *ret1 = doc1.Parse( "<span class="nt">&lt;Wrong</span> <span class="nt">/&gt;</span>\n" " <span class="nt">&lt;Element</span> <span class="nt">/&gt;</span>\n" "<span class="nt">&lt;/Wrong&gt;</span>\n" "\n"); TiXmlDocument doc2; const char *ret2 = doc2.Parse( "<span class="nt">&lt;Root&gt;</span>\n" "<span class="nt">&lt;Wrong</span> <span class="nt">/&gt;</span>\n" " <span class="nt">&lt;Element</span> <span class="nt">/&gt;</span>\n" "<span class="nt">&lt;/Wrong&gt;</span>\n" "<span class="nt">&lt;/Root&gt;</span>\n" "\n"); </pre></div> <hr/> <div class="codehilite"><pre><span></span>results ==&gt; ret1 is not NULL. ret2 is NULL </pre></div> </div>marshal bananaFri, 03 Nov 2017 09:52:58 -0000https://sourceforge.netbaddac831597fd5bc5df8e2f17bfce36c198b880https://sourceforge.net/p/tinyxml/bugs/137/<div class="markdown_content"><p>Using TinyXml(2.6.2) TiXmlDocument::Parse(), <br/> it accepts this document without error:</p> <p>&lt;Root&gt;<br/> &lt;Wrong/&gt;<br/> &lt;/Wrong&gt;<br/> &lt;/Root&gt;</p></div>marshal bananaSat, 28 Oct 2017 05:09:37 -0000https://sourceforge.netfa0b394fb8ccaa6dd65c2cb905933dc2043b79bchttps://sourceforge.net/p/tinyxml/bugs/136/<div class="markdown_content"><p><span>[tinyxml.h:353]</span>: (style) Array index 'i' is used before limits check.</p> <p>Source code is</p> <div class="codehilite"><pre> for( int i=0; p[i] &amp;&amp; i&lt;*length; ++i ) { </pre></div> </div>dcbSat, 26 Nov 2016 09:56:37 -0000https://sourceforge.net54a8ba55db97a7675ee5b0953113f639d693874b