tinyxml2 icon indicating copy to clipboard operation
tinyxml2 copied to clipboard

Published 20 hours ago verified publisher icon leethomason

Crashing when xml node name has invalid character

Open kuna opened this issue 5 years ago • 1 comments

I found out though xml node has such invalid name with backslash and star character, tinyxml2 can write and open xml file like below.

<setting>
    <SelectScene>
        <N975>50%</N975>
        <Theme\WMIX_HD\select_movie\*.mpg>off</Theme\WMIX_HD\select_movie\*.mpg>
        <Theme\WMIX_HD\select_shutter\*.png>Default</Theme\WMIX_HD\select_shutter\*.png>
        <N930>ON</N930>
        <N935>OFF</N935>
        <N938>OFF</N938>
    </SelectScene>
</setting>

But it seems like tinyxml2 cannot properly process such node while opening. Although tinyxml2 can open such file, node with invalid name is cannot accessible. And problem occurs when program exits, internally calling Xmldocument destructor and XmlDocument::Clear() function:

#ifdef TINYXML2_DEBUG
    if ( !hadError ) {
        TIXMLASSERT( _elementPool.CurrentAllocs()   == _elementPool.Untracked() );  // <-- here, number unmatch
        TIXMLASSERT( _attributePool.CurrentAllocs() == _attributePool.Untracked() );
        TIXMLASSERT( _textPool.CurrentAllocs()      == _textPool.Untracked() );
        TIXMLASSERT( _commentPool.CurrentAllocs()   == _commentPool.Untracked() );
    }
#endif

I think this error occurs because node memory is allocated while opening but it isn't registered anywhere - though I didn't inspect this error deeply, just reporting. Anyway, nodes with such name are invalid and should not loaded, saved, or created. I think node name filtering is necessary in such procedures.

Thank you.

kuna avatar Sep 13 '19 14:09 kuna

Hi

Anyway, nodes with such name are invalid and should not loaded, saved, or created. I think node name filtering is necessary in such procedures.

  • nodes not loaded

  • file with that nodes not loaded

  • nodes loaded, but stashed while saving (or modified basing on heuristics)

  • file with that nodes loaded, but read only (not saved)

  • nodes loaded, saved but not created (?) if application do it using API

Hm... so much possibilities, isn't it?

Maybe, if we ask XML documentation we will see:

NameStartChar | ::= | ":" | [A-Z] | "_" | [a-z] | [#xC0-#xD6] | [#xD8-#xF6] | [#xF8-#x2FF] | [#x370-#x37D] | [#x37F-#x1FFF] | [#x200C-#x200D] | [#x2070-#x218F] | [#x2C00-#x2FEF] | [#x3001-#xD7FF] | [#xF900-#xFDCF] | [#xFDF0-#xFFFD] | [#x10000-#xEFFFF]

So, XML parsing should just not load file because not valid XML (Start|End)-Tag's Name? https://www.w3.org/TR/xml/#NT-NameStartChar

Best.

JulianVolodia avatar Sep 13 '19 15:09 JulianVolodia