jengelh/tinyxml2
SHA256
1
0
Fork 1
forked from pool/tinyxml2
Code Pull Requests Activity

Compare commits

base: jengelh:master
Branches Tags
jengelh:master jengelh:factory pool:factory pool:leap-16.0
..
compare: pool:factory
Branches Tags
pool:factory pool:leap-16.0 jengelh:master jengelh:factory

3 Commits
master ... factory

Author SHA256 Message Date
Ana Guerrero
df95c60481 Accepting request 1196024 from devel:libraries:c_c++ 
Automatic submission by obs-autosubmit

OBS-URL: https://build.opensuse.org/request/show/1196024
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tinyxml2?expand=0&rev=9
 2024-08-27 17:38:14 +00:00
OBS User unknown
73b2c5e275 [info=e7d6f1849b5649d1fb903f11afcf88f4db5b3fb92e9261375c4155ad4c8d4eec] 
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/tinyxml2?expand=0&rev=20
 2024-08-19 08:03:06 +00:00
Jan Engelhardt
5d52b48c39 [info=8c5148fbdf96e10538863c946b4996eb502dca2ba073a9da8c91f83fd6351b3e] 
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/tinyxml2?expand=0&rev=19
 2024-08-19 07:56:50 +00:00
8 changed files with 314 additions and 27 deletions
Expand all files Collapse all files

52
0001-Make-DocPrinter-support-DynArrays-larger-than-2G.patch Normal file
View File

@@ -0,0 +1,52 @@
From 04bbc06cd0d1fbbcebd91a8cd376a0d3c5b3cb27 Mon Sep 17 00:00:00 2001
From: Jan Engelhardt <jengelh@inai.de>
Date: Wed, 14 Aug 2024 15:19:05 +0200
Subject: [PATCH] Make DocPrinter support DynArrays larger than 2G
References: https://github.com/leethomason/tinyxml2/pull/993
If the DynArray within an XMLPrinter object carries 2 gigabytes of
data or more, XMLPrinter::CStrSize returns a truncated result. If a
program casts this back to size_t without thought, sign extension
leads to bad things(tm).
```c++
int main()
{
tinyxml2::XMLDocument doc;
doc.InsertEndChild(doc.NewDeclaration());
auto root = doc.NewElement("root");
size_t sz = 0x80000002;
auto blank = new char[sz];
memset(blank, ' ', sz);
blank[sz-1]='\0';
root->SetText(blank);
doc.InsertEndChild(root);
tinyxml2::XMLPrinter printer(nullptr);
doc.Print(&printer);
std::string_view sv{printer.CStr(), static_cast<size_t>(printer.CStrSize())};
// sv.size() is way too big, causing overflows on access
std::string dup(sv); // boom
}
```
Fixes: 2.0.2-873-geb3ab0d
---
tinyxml2.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tinyxml2.h b/tinyxml2.h
index d5a3afd..cdd6880 100644
--- a/tinyxml2.h
+++ b/tinyxml2.h
@@ -2314,7 +2314,7 @@ public:
of the XML file in memory. (Note the size returned
includes the terminating null.)
*/
- int CStrSize() const {
+ size_t CStrSize() const {
return _buffer.Size();
}
/**
--
2.46.0

244
0001-Make-DynArray-support-objects-larger-than-1-gigabyte.patch Normal file
View File

@@ -0,0 +1,244 @@
From eb3ab0df5d184b84eb283c0806f6abee71e3409b Mon Sep 17 00:00:00 2001
From: Jan Engelhardt <jengelh@inai.de>
Date: Mon, 1 Jul 2024 14:23:34 +0200
Subject: [PATCH] Make DynArray support objects larger than 1 gigabyte
References: https://github.com/leethomason/tinyxml2/pull/990
The expression ``const int newAllocated = cap * 2;`` easily causes
overflow, as soon as the input is 1.0 GiB. This goes unnoticed because
release builds of tinyxml2 do not have active assertions.
The change in commit 9.0.0-20-g8fd6cc6 did not do anything useful;
the signed multiplication overflow (and thus undefined behavior)
still occurs.
Using ``int`` in this class is really archaic, because it limits the
class to a gigabyte even on 64-bit platforms.
The multiplication overflow check also needs to include sizeof(T),
otherwise you can run into unsigned multiplication overflow (defined,
but undesirable) in the memcpy() call.
testcase:
int main()
{
tinyxml2::XMLDocument doc;
doc.InsertEndChild(doc.NewDeclaration());
auto root = doc.NewElement("root");
size_t sz = 0x80000001;
auto blank = new char[sz];
memset(blank, ' ', sz);
blank[sz-1]='\0';
root->SetText(blank);
doc.InsertEndChild(root);
tinyxml2::XMLPrinter printer(nullptr);
doc.Print(&printer);
}
---
tinyxml2.cpp | 2 +-
tinyxml2.h | 65 ++++++++++++++++++++++++++--------------------------
2 files changed, 33 insertions(+), 34 deletions(-)
diff --git a/tinyxml2.cpp b/tinyxml2.cpp
index 6d6c200..0fed8dc 100644
--- a/tinyxml2.cpp
+++ b/tinyxml2.cpp
@@ -2221,7 +2221,7 @@ void XMLDocument::MarkInUse(const XMLNode* const node)
TIXMLASSERT(node);
TIXMLASSERT(node->_parent == 0);
- for (int i = 0; i < _unlinked.Size(); ++i) {
+ for (size_t i = 0; i < _unlinked.Size(); ++i) {
if (node == _unlinked[i]) {
_unlinked.SwapRemove(i);
break;
diff --git a/tinyxml2.h b/tinyxml2.h
index 7586f7b..d5a3afd 100644
--- a/tinyxml2.h
+++ b/tinyxml2.h
@@ -199,7 +199,7 @@ private:
Has a small initial memory pool, so that low or no usage will not
cause a call to new/delete
*/
-template <class T, int INITIAL_SIZE>
+template <class T, size_t INITIAL_SIZE>
class DynArray
{
public:
@@ -227,9 +227,8 @@ public:
++_size;
}
- T* PushArr( int count ) {
- TIXMLASSERT( count >= 0 );
- TIXMLASSERT( _size <= INT_MAX - count );
+ T* PushArr( size_t count ) {
+ TIXMLASSERT( _size <= SIZE_MAX - count );
EnsureCapacity( _size+count );
T* ret = &_mem[_size];
_size += count;
@@ -242,7 +241,7 @@ public:
return _mem[_size];
}
- void PopArr( int count ) {
+ void PopArr( size_t count ) {
TIXMLASSERT( _size >= count );
_size -= count;
}
@@ -251,13 +250,13 @@ public:
return _size == 0;
}
- T& operator[](int i) {
- TIXMLASSERT( i>= 0 && i < _size );
+ T& operator[](size_t i) {
+ TIXMLASSERT( i < _size );
return _mem[i];
}
- const T& operator[](int i) const {
- TIXMLASSERT( i>= 0 && i < _size );
+ const T& operator[](size_t i) const {
+ TIXMLASSERT( i < _size );
return _mem[i];
}
@@ -266,18 +265,18 @@ public:
return _mem[ _size - 1];
}
- int Size() const {
+ size_t Size() const {
TIXMLASSERT( _size >= 0 );
return _size;
}
- int Capacity() const {
+ size_t Capacity() const {
TIXMLASSERT( _allocated >= INITIAL_SIZE );
return _allocated;
}
- void SwapRemove(int i) {
- TIXMLASSERT(i >= 0 && i < _size);
+ void SwapRemove(size_t i) {
+ TIXMLASSERT(i < _size);
TIXMLASSERT(_size > 0);
_mem[i] = _mem[_size - 1];
--_size;
@@ -297,14 +296,14 @@ private:
DynArray( const DynArray& ); // not supported
void operator=( const DynArray& ); // not supported
- void EnsureCapacity( int cap ) {
+ void EnsureCapacity( size_t cap ) {
TIXMLASSERT( cap > 0 );
if ( cap > _allocated ) {
- TIXMLASSERT( cap <= INT_MAX / 2 );
- const int newAllocated = cap * 2;
- T* newMem = new T[static_cast<unsigned int>(newAllocated)];
+ TIXMLASSERT( cap <= SIZE_MAX / 2 / sizeof(T));
+ const size_t newAllocated = cap * 2;
+ T* newMem = new T[newAllocated];
TIXMLASSERT( newAllocated >= _size );
- memcpy( newMem, _mem, sizeof(T)*static_cast<size_t>(_size) ); // warning: not using constructors, only works for PODs
+ memcpy( newMem, _mem, sizeof(T) * _size ); // warning: not using constructors, only works for PODs
if ( _mem != _pool ) {
delete [] _mem;
}
@@ -314,9 +313,9 @@ private:
}
T* _mem;
- T _pool[static_cast<size_t>(INITIAL_SIZE)];
- int _allocated; // objects allocated
- int _size; // number objects in use
+ T _pool[INITIAL_SIZE];
+ size_t _allocated; // objects allocated
+ size_t _size; // number objects in use
};
@@ -330,7 +329,7 @@ public:
MemPool() {}
virtual ~MemPool() {}
- virtual int ItemSize() const = 0;
+ virtual size_t ItemSize() const = 0;
virtual void* Alloc() = 0;
virtual void Free( void* ) = 0;
virtual void SetTracked() = 0;
@@ -340,7 +339,7 @@ public:
/*
Template child class to create pools of the correct type.
*/
-template< int ITEM_SIZE >
+template< size_t ITEM_SIZE >
class MemPoolT : public MemPool
{
public:
@@ -362,10 +361,10 @@ public:
_nUntracked = 0;
}
- virtual int ItemSize() const override{
+ virtual size_t ItemSize() const override {
return ITEM_SIZE;
}
- int CurrentAllocs() const {
+ size_t CurrentAllocs() const {
return _currentAllocs;
}
@@ -376,7 +375,7 @@ public:
_blockPtrs.Push( block );
Item* blockItems = block->items;
- for( int i = 0; i < ITEMS_PER_BLOCK - 1; ++i ) {
+ for( size_t i = 0; i < ITEMS_PER_BLOCK - 1; ++i ) {
blockItems[i].next = &(blockItems[i + 1]);
}
blockItems[ITEMS_PER_BLOCK - 1].next = 0;
@@ -417,7 +416,7 @@ public:
--_nUntracked;
}
- int Untracked() const {
+ size_t Untracked() const {
return _nUntracked;
}
@@ -448,10 +447,10 @@ private:
DynArray< Block*, 10 > _blockPtrs;
Item* _root;
- int _currentAllocs;
- int _nAllocs;
- int _maxAllocs;
- int _nUntracked;
+ size_t _currentAllocs;
+ size_t _nAllocs;
+ size_t _maxAllocs;
+ size_t _nUntracked;
};
@@ -1981,11 +1980,11 @@ private:
void PushDepth();
void PopDepth();
- template<class NodeType, int PoolElementSize>
+ template<class NodeType, size_t PoolElementSize>
NodeType* CreateUnlinkedNode( MemPoolT<PoolElementSize>& pool );
};
-template<class NodeType, int PoolElementSize>
+template<class NodeType, size_t PoolElementSize>
inline NodeType* XMLDocument::CreateUnlinkedNode( MemPoolT<PoolElementSize>& pool )
{
TIXMLASSERT( sizeof( NodeType ) == PoolElementSize );
--
2.45.2

BIN
10.0.0.tar.gz (Stored with Git LFS) Normal file
View File

Binary file not shown.

BIN
11.0.0.tar.gz (Stored with Git LFS)
View File

Binary file not shown.

4
_scmsync.obsinfo Normal file
View File

@@ -0,0 +1,4 @@
mtime: 1724054347
commit: e7d6f1849b5649d1fb903f11afcf88f4db5b3fb92e9261375c4155ad4c8d4eec
url: https://src.opensuse.org/jengelh/tinyxml2
revision: master

3
build.specials.obscpio Normal file
View File

@@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:f4676df1ad4a6e27feee335a3416bdad4d128f3594df3cc812140848abe28805
size 256

18
tinyxml2.changes
View File

@@ -1,21 +1,3 @@
-------------------------------------------------------------------
Sun Mar 16 09:10:55 UTC 2025 - Jan Engelhardt <jengelh@inai.de>
- Update to release 11
* Bump version to address ABI incompatibility between 10.0
and 10.1 both producing the same SONAME.
-------------------------------------------------------------------
Sat Mar 8 20:25:46 UTC 2025 - Jan Engelhardt <jengelh@inai.de>
- Update to release 10.1.0
* Build fixes, typo fixes.
* Fix CVE-2024-50615 which was a problem parsing character
encodings.
- Delete 0001-Make-DocPrinter-support-DynArrays-larger-than-2G.patch
0001-Make-DynArray-support-objects-larger-than-1-gigabyte.patch
(merged)
-------------------------------------------------------------------
Mon Aug 19 07:58:36 UTC 2024 - Jan Engelhardt <jengelh@inai.de>

14
tinyxml2.spec
View File

@@ -1,7 +1,7 @@
#
# spec file for package tinyxml2
#
# Copyright (c) 2025 SUSE LLC
# Copyright (c) 2024 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -16,19 +16,21 @@
#
%define so_version 11
%define so_version 10
%define lib_package lib%{name}-%{so_version}
Name: tinyxml2
Version: 11.0.0
Version: 10.0.0
Release: 0
Summary: Basic XML parser in C++
License: Zlib
Group: Development/Libraries/C and C++
URL: https://github.com/leethomason/tinyxml2
Source: https://github.com/leethomason/tinyxml2/archive/%{version}.tar.gz
Patch1: 0001-Make-DynArray-support-objects-larger-than-1-gigabyte.patch
Patch2: 0001-Make-DocPrinter-support-DynArrays-larger-than-2G.patch
BuildRequires: cmake >= 3.15
BuildRequires: gcc-c++
BuildRequires: pkg-config
BuildRequires: pkgconfig
%description
TinyXML is a feature-bounded XML parser in C++ that can be integrated
@@ -73,8 +75,8 @@ developing applications that use libtinyxml2.
find %{buildroot} -type f -name "*.la" -delete -print
# /usr/lib/cmake is not owned by cmake; avoid any further conflicts
if [ ! -d "%{buildroot}/%{_libdir}/cmake/%{name}" ]; then
mkdir -pv %{buildroot}/%{_libdir}/cmake/%{name}
mv -v %{buildroot}%{_prefix}/lib/cmake/tinyxml2 %{buildroot}/%{_libdir}/cmake/tinyxml2
mkdir -p %{buildroot}/%{_libdir}/cmake/%{name}
mv %{buildroot}%{_prefix}/lib/cmake/tinyxml2 %{buildroot}/%{_libdir}/cmake/tinyxml2
fi
%check