From: Daniel Veillard (Daniel.Veillard@w3.org)
Date: Tue Oct 05 1999 - 08:53:04 EDT
On Mon, Oct 04, 1999 at 06:33:56PM +0200, Mathias Hasselmann wrote:
>
> While digging around the source ("How did he implement validation?")
> I've found that:
>
> valid.c: 2780
> char expr[1000];
> char list[2000];
>
> expr[0] = 0;
> xmlSprintfElementContent(expr, cont, 1);
> list[0] = 0;
> xmlSprintfElementChilds(list, elem, 1);
>
> Shouldn't xmlSprintf.* check buffer sizes?
>
> -> xmlSprintfElementContent(expr, sizeof (expr), cont, 1);
Right, except that it's really painful to code :-), especially
since a lot of platforms don't have facilities like snprintf ...
In the meantime I don't think it's dangerous per se, we are
dumping the content of an internal data structure, which is itself the
result of parsing.
But this needs to be fixed, I agree,
Daniel
--
Daniel.Veillard@w3.org | W3C, INRIA Rhone-Alpes  | Today's Bookmarks :
Tel : +33 476 615 257  | 655, avenue de l'Europe | Linux, WWW, rpmfind,
Fax : +33 476 615 207  | 38330 Montbonnot FRANCE | rpm2html, XML,
http://www.w3.org/People/W3Cpeople.html#Veillard | badminton, and Kaffe.
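The size-aware call suggested in the quoted message, sketched without relying on snprintf, as an added example that is not part of the original message and not libxml's code. The node type, `buf_append`, `dump_content` and the sample content model are hypothetical and constructed for illustration; a model longer than the buffer is truncated and reported instead of being written past the end.

```c
#include <stdio.h>
#include <string.h>
/* Hypothetical content-model node (not libxml's): a leaf name, or a sequence/choice. */
typedef enum { C_NAME, C_SEQ, C_OR } ckind;
typedef struct cnode {
    ckind kind;
    const char *name;            /* C_NAME only */
    const struct cnode *l, *r;   /* C_SEQ / C_OR only */
} cnode;

/* Append s to the string in buf (capacity size) using only memchr/memcpy,
 * so no snprintf is needed. Returns 1 if it fit, 0 if truncated. */
static int buf_append(char *buf, size_t size, const char *s) {
    char *end = size ? memchr(buf, 0, size) : NULL;
    size_t room, n = strlen(s);
    if (end == NULL) return 0;           /* no terminator inside buf: refuse */
    room = size - 1 - (size_t)(end - buf);
    if (n > room) { memcpy(end, s, room); end[room] = '\0'; return 0; }
    memcpy(end, s, n + 1);               /* fits, including the NUL */
    return 1;
}

/* Size-aware dump of a content model; stops at the first truncation. */
static int dump_content(char *buf, size_t size, const cnode *c, int paren) {
    if (c->kind == C_NAME) return buf_append(buf, size, c->name);
    int ok = !paren || buf_append(buf, size, "(");
    ok = ok && dump_content(buf, size, c->l, 1);
    ok = ok && buf_append(buf, size, c->kind == C_SEQ ? " , " : " | ");
    ok = ok && dump_content(buf, size, c->r, 1);
    return ok && (!paren || buf_append(buf, size, ")"));
}

/* Constructed sample model: (title , (para | list)), 23 characters plus NUL. */
static const cnode T = { C_NAME, "title", NULL, NULL };
static const cnode P = { C_NAME, "para", NULL, NULL };
static const cnode L = { C_NAME, "list", NULL, NULL };
static const cnode ALT = { C_OR, NULL, &P, &L };
static const cnode SEQ = { C_SEQ, NULL, &T, &ALT };

int dump_sample(char *out, size_t size) {
    if (size) out[0] = '\0';
    return dump_content(out, size, &SEQ, 1);
}

int main(void) {
    char tiny[12];                       /* deliberately too small */
    int ok = dump_sample(tiny, sizeof tiny);
    printf("%d %s\n", ok, tiny);
}
```

The return value lets the caller decide whether a truncated dump is acceptable for an error message or should be replaced by a generic one.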