I was asked to evaluate VTD-XML for my company so I was implementing a version of our application using the C version of VTD-XML. I found a pretty severe bug that meant we couldn't use it. But I thought I should point it out in case it hasn't been noticed before.
So, storage is allocated 8k of memory, which gives an array of 2048 4-byte pointers.
However, when iterating through this array in the for loop, ih->hw can be set to sizes above 2048 (in my case, I saw it at 4096), which caused the application to crash.
-Michael
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Hi,
I was asked to evaluate VTD-XML for my company so I was implementing a version of our application using the C version of VTD-XML. I found a pretty severe bug that meant we couldn't use it. But I thought I should point it out in case it hasn't been noticed before.
In the function createIntHash2:
ih->storage = (FastIntBuffer **) malloc(sizeof(FastIntBuffer*)<<ih_hashWidthE);
ih->hw = 1<<hashWidthExpo;
ih->m1 = ih->hw -1;
ih->m2 = (~ih->m1) & 0xffffffff;
ih->maxDepth = 0;
ih->pse = ih_pageSizeE;
/* initialize everything to null */
for (i=0;i<ih->hw;i++){
ih->storage[i]= NULL;
}
So, storage is allocated 8k of memory, which gives an array of 2048 4-byte pointers.
However, when iterating through this array in the for loop, ih->hw can be set to sizes above 2048 (in my case, I saw it at 4096), which caused the application to crash.
-Michael
Hi, thanks for pointing that out, will look into it and get back to you.
Jimmy