From: Maynard J. <may...@us...> - 2009-10-09 22:33:49
|
Update of /cvsroot/oprofile/oprofile/libutil++ In directory 23jxhf1.ch3.sourceforge.com:/tmp/cvs-serv22073/libutil++ Modified Files: xml_output.cpp Log Message: fix buffer overflows in xml generator Index: xml_output.cpp =================================================================== RCS file: /cvsroot/oprofile/oprofile/libutil++/xml_output.cpp,v retrieving revision 1.4 retrieving revision 1.5 diff -u -p -d -r1.4 -r1.5 --- xml_output.cpp 23 Oct 2008 13:43:49 -0000 1.4 +++ xml_output.cpp 9 Oct 2009 22:33:30 -0000 1.5 @@ -16,7 +16,8 @@ using namespace std; -#define MAX_XML_BUF 1024 +#define MAX_XML_BUF 16384 +static char buf[MAX_XML_BUF]; string tag_name(tag_t tag) { @@ -29,10 +30,9 @@ string tag_name(tag_t tag) string open_element(tag_t tag, bool with_attrs) { ostringstream out; - char buf[MAX_XML_BUF]; buf[0] = '\0'; - open_xml_element(tag, with_attrs, buf); + open_xml_element(tag, with_attrs, buf, MAX_XML_BUF); out << buf; return out.str(); } @@ -41,10 +41,9 @@ string open_element(tag_t tag, bool with string close_element(tag_t tag, bool has_nested) { ostringstream out; - char buf[MAX_XML_BUF]; buf[0] = '\0'; - close_xml_element(tag, has_nested, buf); + close_xml_element(tag, has_nested, buf, MAX_XML_BUF); out << buf; return out.str(); } @@ -53,10 +52,9 @@ string close_element(tag_t tag, bool has string init_attr(tag_t attr, size_t value) { ostringstream out; - char buf[MAX_XML_BUF]; buf[0] = '\0'; - init_xml_int_attr(attr, value, buf); + init_xml_int_attr(attr, value, buf, MAX_XML_BUF); out << buf; return out.str(); } @@ -65,10 +63,9 @@ string init_attr(tag_t attr, size_t valu string init_attr(tag_t attr, double value) { ostringstream out; - char buf[MAX_XML_BUF]; buf[0] = '\0'; - init_xml_dbl_attr(attr, value, buf); + init_xml_dbl_attr(attr, value, buf, MAX_XML_BUF); out << buf; return out.str(); } @@ -77,10 +74,9 @@ string init_attr(tag_t attr, double valu string init_attr(tag_t attr, string const & str) { ostringstream out; - char buf[MAX_XML_BUF]; buf[0] = '\0'; - init_xml_str_attr(attr, str.c_str(), buf); + init_xml_str_attr(attr, str.c_str(), buf, MAX_XML_BUF); out << buf; return out.str(); } |