Swiftdiff options
| author | Edwin Mons <edwin.mons@isode.com> | 2018-11-09 09:15:38 (GMT) |
|---|---|---|
| committer | Edwin Mons <edwin.mons@isode.com> | 2018-11-09 13:43:02 (GMT) |
| commit | 56384396e5501ebcf7276caa2cb561023d3c3d12 (patch) | |
| tree | a9365158591c420fe4fe16e661264b9d56f54bce | |
| parent | a45eed2d826f60a20dfd1f4f06df37d1f83263f8 (diff) | |
| download | swift-56384396e5501ebcf7276caa2cb561023d3c3d12.zip swift-56384396e5501ebcf7276caa2cb561023d3c3d12.tar.bz2 | |
Remove numeric_casts from XML parsers
The code has been updated to use asserts where a sensible recovery path
was deemed impossible, and a conditional return for parse. In general,
our XML parsing will fail for any single parse of a document over
roughly 2 2GiB, which is probably not going to be a practical issue soon.
Test-Information:
Unit tests pass on macOS 10.13 using Expat and Debian 9 using LibXML
Change-Id: I3a8da802860028ea278b322af081c2b22b55a442
| -rw-r--r-- | Swiften/Parser/ExpatParser.cpp | 8 | ||||
| -rw-r--r-- | Swiften/Parser/LibXMLParser.cpp | 16 |
2 files changed, 15 insertions, 9 deletions
diff --git a/Swiften/Parser/ExpatParser.cpp b/Swiften/Parser/ExpatParser.cpp index 77d959c..8415c42 100644 --- a/Swiften/Parser/ExpatParser.cpp +++ b/Swiften/Parser/ExpatParser.cpp @@ -7,13 +7,12 @@ #include <Swiften/Parser/ExpatParser.h> #include <cassert> +#include <limits> #include <memory> #include <string> #include <expat.h> -#include <boost/numeric/conversion/cast.hpp> - #include <Swiften/Base/String.h> #include <Swiften/Parser/XMLParserClient.h> @@ -84,7 +83,10 @@ ExpatParser::~ExpatParser() { } bool ExpatParser::parse(const std::string& data) { - bool success = XML_Parse(p->parser_, data.c_str(), boost::numeric_cast<int>(data.size()), false) == XML_STATUS_OK; + if (data.size() > std::numeric_limits<int>::max()) { + return false; + } + bool success = XML_Parse(p->parser_, data.c_str(), static_cast<int>(data.size()), false) == XML_STATUS_OK; /*if (!success) { std::cout << "ERROR: " << XML_ErrorString(XML_GetErrorCode(p->parser_)) << " while parsing " << data << std::endl; }*/ diff --git a/Swiften/Parser/LibXMLParser.cpp b/Swiften/Parser/LibXMLParser.cpp index be0a92d..5bd3737 100644 --- a/Swiften/Parser/LibXMLParser.cpp +++ b/Swiften/Parser/LibXMLParser.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2010-2016 Isode Limited. + * Copyright (c) 2010-2018 Isode Limited. * All rights reserved. * See the COPYING file for more information. */ @@ -8,11 +8,10 @@ #include <cassert> #include <cstring> +#include <limits> #include <memory> #include <string> -#include <boost/numeric/conversion/cast.hpp> - #include <libxml/parser.h> #include <Swiften/Base/Log.h> @@ -36,11 +35,12 @@ static void handleStartElement(void* parser, const xmlChar* name, const xmlChar* if (attributes[i+2]) { attributeNS = std::string(reinterpret_cast<const char*>(attributes[i+2])); } + assert(attributes[i+4] >= attributes[i+3]); attributeValues.addAttribute( std::string(reinterpret_cast<const char*>(attributes[i])), attributeNS, std::string(reinterpret_cast<const char*>(attributes[i+3]), - boost::numeric_cast<size_t>(attributes[i+4]-attributes[i+3]))); + static_cast<size_t>(attributes[i+4]-attributes[i+3]))); } static_cast<XMLParser*>(parser)->getClient()->handleStartElement(reinterpret_cast<const char*>(name), (xmlns ? reinterpret_cast<const char*>(xmlns) : std::string()), attributeValues); } @@ -50,7 +50,8 @@ static void handleEndElement(void *parser, const xmlChar* name, const xmlChar*, } static void handleCharacterData(void* parser, const xmlChar* data, int len) { - static_cast<XMLParser*>(parser)->getClient()->handleCharacterData(std::string(reinterpret_cast<const char*>(data), boost::numeric_cast<size_t>(len))); + assert(len >= 0); + static_cast<XMLParser*>(parser)->getClient()->handleCharacterData(std::string(reinterpret_cast<const char*>(data), static_cast<size_t>(len))); } static void handleError(void*, const char* /*m*/, ... ) { @@ -94,7 +95,10 @@ LibXMLParser::~LibXMLParser() { } bool LibXMLParser::parse(const std::string& data) { - if (xmlParseChunk(p->context_, data.c_str(), boost::numeric_cast<int>(data.size()), false) == XML_ERR_OK) { + if (data.size() > std::numeric_limits<int>::max()) { + return false; + } + if (xmlParseChunk(p->context_, data.c_str(), static_cast<int>(data.size()), false) == XML_ERR_OK) { return true; } xmlError* error = xmlCtxtGetLastError(p->context_); |