The recent commenting bug fix seems to itself have a bug in it. Here is the code:
    value = "";
    // Keep all the white space.
    while ( p && *p && !StringEqual( p, endTag, false, encoding ) )
    {
        value.append( p, 1 );
        ++p;
    }
    if ( p )
        p += strlen( endTag );
Firstly, value is accumulated needlessly, since it never gets used. Secondly, the last check should read:
    if ( p && *p )
The current code would cause a pointer overrun for the fairly common case of mismatched comment braces, since the EOF condition of '\0' corresponds to that missing *p check.
Alternatively the loop could be written as:
    while ( p && *p )
    {
        if ( StringEqual( p, endTag, false, encoding) )
        {
            p += strlen( endTag );
            break;
        }
        ++p;
    }
Good catch! Fixed and checked in.
TinyXML *does* use the comment value (since you can read and set it through the API), so the loop you suggest fixes the overrun but bypasses reading the value. But:
    if ( p && *p )
        p += strlen( endTag );
works fine.
Thanks again,
lee
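The unterminated-comment case discussed in this thread, as an added example that is not TinyXML's own code: it keeps the comment value and compares the unguarded `if ( p )` advance with the guarded `if ( p && *p )` one. The names `CommentScan`, `AtEndTag`, `ScanComment` and `ResumeInBounds` are hypothetical, and offsets are used instead of raw pointers so the out-of-bounds resume position can be reported without being dereferenced.

```cpp
#include <cstddef>
#include <cstdio>
#include <cstring>
#include <string>

// What a comment scan produces: the kept text and where parsing resumes.
struct CommentScan {
    std::string value;
    std::size_t resume;   // offset into the input buffer
    bool terminated;      // true only if the end tag was actually found
};

// Hypothetical stand-in for the parser's tag comparison (exact match only).
// strncmp stops at the NUL, so it never reads past the end of the buffer.
static bool AtEndTag(const char* p, const char* endTag) {
    return std::strncmp(p, endTag, std::strlen(endTag)) == 0;
}

// guardAdvance == false models `if ( p )`; true models `if ( p && *p )`.
CommentScan ScanComment(const char* buf, bool guardAdvance) {
    const char* endTag = "-->";
    CommentScan r{"", 0, false};
    std::size_t i = 0;
    while (buf[i] != '\0' && !AtEndTag(buf + i, endTag)) {
        r.value.append(buf + i, 1);   // keep all the white space
        ++i;
    }
    r.terminated = (buf[i] != '\0');  // loop ended on the tag, not on EOF
    if (!guardAdvance || buf[i] != '\0')
        i += std::strlen(endTag);     // unguarded: steps past the NUL at EOF
    r.resume = i;
    return r;
}

// True while the resume offset still lies inside the buffer (NUL included).
bool ResumeInBounds(const char* buf, const CommentScan& r) {
    return r.resume <= std::strlen(buf);
}

int main() {
    const char* open = " never closed";   // constructed input, no "-->"
    CommentScan bad = ScanComment(open, false);
    CommentScan good = ScanComment(open, true);
    std::printf("unguarded resume=%zu in bounds=%d\n", bad.resume,
                ResumeInBounds(open, bad));
    std::printf("guarded   resume=%zu in bounds=%d\n", good.resume,
                ResumeInBounds(open, good));
    return 0;
}
```

A caller can treat `terminated == false` as a parse error instead of silently continuing from the end of the buffer.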