Fix use-of-uninitialized-value in XML parser #132
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
- Add stream state validation before XML parsing - Check for empty input to prevent uninitialized memory access - Throw appropriate xml_parser_error for invalid inputs Fixes: boostorg/boost#1099
Member
|
I suspect that the actual issue here is #129. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fix use-of-uninitialized-value in XML parser
Problem: MemorySanitizer detects use-of-uninitialized-value at line 96 in
xml_parser_read_rapidxml.hppwhen parsing malformed XML input through GraphML parser (issue #131).Root cause: The XML parser attempts to read from streams that are in bad state or contain uninitialized data, which leads to undefined behavior in RapidXML.
Solution: Add early stream validation in
read_xml_internal():stream.good()before any operationsstream.peek() != eof()xml_parser_errorfor invalid inputsTesting: The fix resolves the MemorySanitizer warning while maintaining backward compatibility. Empty streams and bad stream states now throw clear exceptions instead of causing undefined behavior.
Files changed:
libs/property_treesubmodule updated with the security fixFixes: #131