From a2d20c60cd88481989316a8cedf8bd7d1e9be94a Mon Sep 17 00:00:00 2001 From: Maximilian Schwerin Date: Thu, 27 Dec 2007 14:25:28 +0000 Subject: xmlparser: fix token buffer being too small What this patch does is replace the token buffer of static size in xml_parser_get_node with a malloced buffer. If the lexer notices, that it needs more size it just increases the size of this buffer by factor two and tries again. This may not be very elegant, but it works. node_name and property_name are dynamically-sized too. --- src/xine-utils/xmlparser.c | 52 ++++++++++++++++++++++++++++++++++++++++------ 1 file changed, 46 insertions(+), 6 deletions(-) (limited to 'src/xine-utils/xmlparser.c') diff --git a/src/xine-utils/xmlparser.c b/src/xine-utils/xmlparser.c index a5d8212d2..3cc9bc3c2 100644 --- a/src/xine-utils/xmlparser.c +++ b/src/xine-utils/xmlparser.c @@ -153,10 +153,15 @@ void xml_parser_free_tree(xml_node_t *current_node) { #define STATE_NODE 1 #define STATE_COMMENT 7 -static int xml_parser_get_node (xml_node_t *current_node, char *root_name, int rec) { - char tok[TOKEN_SIZE]; - char property_name[TOKEN_SIZE]; - char node_name[TOKEN_SIZE]; +static int xml_parser_get_node (xml_node_t *current_node, char *root_name, int rec); + +static int _xml_parser_get_node (char ** token_buffer, int * token_buffer_size, + char ** pname_buffer, int * pname_buffer_size, + char ** nname_buffer, int * nname_buffer_size, + xml_node_t *current_node, char *root_name, int rec) { + char *tok = *token_buffer; + char *property_name = *pname_buffer; + char *node_name = *nname_buffer; int state = STATE_IDLE; int res = 0; int parse_res; @@ -168,9 +173,10 @@ static int xml_parser_get_node (xml_node_t *current_node, char *root_name, int r if (rec < MAX_RECURSION) { - memset (tok, 0, TOKEN_SIZE); + memset (tok, 0, *token_buffer_size); - while ((bypass_get_token) || (res = lexer_get_token(tok, TOKEN_SIZE)) != T_ERROR) { + while ((bypass_get_token) || (res = lexer_get_token(token_buffer, token_buffer_size)) != T_ERROR) { + tok = *token_buffer; bypass_get_token = 0; lprintf("info: %d - %d : '%s'\n", state, res, tok); @@ -225,6 +231,12 @@ static int xml_parser_get_node (xml_node_t *current_node, char *root_name, int r if (xml_parser_mode == XML_PARSER_CASE_INSENSITIVE) { strtoupper(tok); } + /* make sure the buffer for the node name is big enough */ + if (token_buffer_size > nname_buffer_size) { + *nname_buffer_size = *token_buffer_size; + *nname_buffer = realloc (*nname_buffer, *nname_buffer_size); + node_name = *nname_buffer; + } strcpy(node_name, tok); state = 2; lprintf("info: current node name \"%s\"\n", node_name); @@ -291,6 +303,12 @@ static int xml_parser_get_node (xml_node_t *current_node, char *root_name, int r if (xml_parser_mode == XML_PARSER_CASE_INSENSITIVE) { strtoupper(tok); } + /* make sure the buffer for the property name is big enough */ + if (token_buffer_size > pname_buffer_size) { + *pname_buffer_size = *token_buffer_size; + *pname_buffer = realloc (*pname_buffer, *pname_buffer_size); + property_name = *pname_buffer; + } strcpy(property_name, tok); state = 5; lprintf("info: current property name \"%s\"\n", property_name); @@ -452,6 +470,28 @@ static int xml_parser_get_node (xml_node_t *current_node, char *root_name, int r } } +static int xml_parser_get_node (xml_node_t *current_node, char *root_name, int rec) +{ + int res = 0; + int token_buffer_size = TOKEN_SIZE; + int pname_buffer_size = TOKEN_SIZE; + int nname_buffer_size = TOKEN_SIZE; + char *token_buffer = xine_xmalloc (token_buffer_size); + char *pname_buffer = xine_xmalloc (pname_buffer_size); + char *nname_buffer = xine_xmalloc (nname_buffer_size); + + res = _xml_parser_get_node(&token_buffer, &token_buffer_size, + &pname_buffer, &pname_buffer_size, + &nname_buffer, &nname_buffer_size, + current_node, root_name, rec); + + free (token_buffer); + free (pname_buffer); + free (nname_buffer); + + return res; +} + int xml_parser_build_tree(xml_node_t **root_node) { xml_node_t *tmp_node; int res; -- cgit v1.2.3 From aa3d3aacdb991ad989933d71734e300535c7d350 Mon Sep 17 00:00:00 2001 From: Darren Salt Date: Sun, 30 Dec 2007 17:23:50 +0000 Subject: Dereference buffer size pointers when comparing buffer sizes. --- src/xine-utils/xmlparser.c | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) (limited to 'src/xine-utils/xmlparser.c') diff --git a/src/xine-utils/xmlparser.c b/src/xine-utils/xmlparser.c index 3cc9bc3c2..cc2bfe462 100644 --- a/src/xine-utils/xmlparser.c +++ b/src/xine-utils/xmlparser.c @@ -231,12 +231,12 @@ static int _xml_parser_get_node (char ** token_buffer, int * token_buffer_size, if (xml_parser_mode == XML_PARSER_CASE_INSENSITIVE) { strtoupper(tok); } - /* make sure the buffer for the node name is big enough */ - if (token_buffer_size > nname_buffer_size) { - *nname_buffer_size = *token_buffer_size; - *nname_buffer = realloc (*nname_buffer, *nname_buffer_size); - node_name = *nname_buffer; - } + /* make sure the buffer for the node name is big enough */ + if (*token_buffer_size > *nname_buffer_size) { + *nname_buffer_size = *token_buffer_size; + *nname_buffer = realloc (*nname_buffer, *nname_buffer_size); + node_name = *nname_buffer; + } strcpy(node_name, tok); state = 2; lprintf("info: current node name \"%s\"\n", node_name); @@ -303,12 +303,12 @@ static int _xml_parser_get_node (char ** token_buffer, int * token_buffer_size, if (xml_parser_mode == XML_PARSER_CASE_INSENSITIVE) { strtoupper(tok); } - /* make sure the buffer for the property name is big enough */ - if (token_buffer_size > pname_buffer_size) { - *pname_buffer_size = *token_buffer_size; - *pname_buffer = realloc (*pname_buffer, *pname_buffer_size); - property_name = *pname_buffer; - } + /* make sure the buffer for the property name is big enough */ + if (*token_buffer_size > *pname_buffer_size) { + *pname_buffer_size = *token_buffer_size; + *pname_buffer = realloc (*pname_buffer, *pname_buffer_size); + property_name = *pname_buffer; + } strcpy(property_name, tok); state = 5; lprintf("info: current property name \"%s\"\n", property_name); -- cgit v1.2.3 From 147a5017b476e4cd61aadb8e7420bc20832abfef Mon Sep 17 00:00:00 2001 From: Darren Salt Date: Mon, 31 Dec 2007 13:29:40 +0000 Subject: Convert XML parser ABI breakage into ABI extension. Bump the soname accordingly. --- src/xine-utils/xmlparser.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/xine-utils/xmlparser.c') diff --git a/src/xine-utils/xmlparser.c b/src/xine-utils/xmlparser.c index cc2bfe462..14ce35c54 100644 --- a/src/xine-utils/xmlparser.c +++ b/src/xine-utils/xmlparser.c @@ -175,7 +175,7 @@ static int _xml_parser_get_node (char ** token_buffer, int * token_buffer_size, memset (tok, 0, *token_buffer_size); - while ((bypass_get_token) || (res = lexer_get_token(token_buffer, token_buffer_size)) != T_ERROR) { + while ((bypass_get_token) || (res = lexer_get_token_d(token_buffer, token_buffer_size, 0)) != T_ERROR) { tok = *token_buffer; bypass_get_token = 0; lprintf("info: %d - %d : '%s'\n", state, res, tok); -- cgit v1.2.3