From e6a95ce50e5e05b26d3742beea359f1e69dbcc5c Mon Sep 17 00:00:00 2001 From: Dmitry-Me Date: Wed, 10 Dec 2014 09:10:27 +0300 Subject: [PATCH] Validate pool block has the right size before calling placement new --- tinyxml2.cpp | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/tinyxml2.cpp b/tinyxml2.cpp index 4ce2184..8259e69 100755 --- a/tinyxml2.cpp +++ b/tinyxml2.cpp @@ -534,16 +534,19 @@ char* XMLDocument::Identify( char* p, XMLNode** node ) #endif XMLNode* returnNode = 0; if ( XMLUtil::StringEqual( p, xmlHeader, xmlHeaderLen ) ) { + TIXMLASSERT( sizeof( XMLDeclaration ) == _commentPool.ItemSize() ); returnNode = new (_commentPool.Alloc()) XMLDeclaration( this ); returnNode->_memPool = &_commentPool; p += xmlHeaderLen; } else if ( XMLUtil::StringEqual( p, commentHeader, commentHeaderLen ) ) { + TIXMLASSERT( sizeof( XMLComment ) == _commentPool.ItemSize() ); returnNode = new (_commentPool.Alloc()) XMLComment( this ); returnNode->_memPool = &_commentPool; p += commentHeaderLen; } else if ( XMLUtil::StringEqual( p, cdataHeader, cdataHeaderLen ) ) { + TIXMLASSERT( sizeof( XMLText ) == _textPool.ItemSize() ); XMLText* text = new (_textPool.Alloc()) XMLText( this ); returnNode = text; returnNode->_memPool = &_textPool; @@ -551,16 +554,19 @@ char* XMLDocument::Identify( char* p, XMLNode** node ) text->SetCData( true ); } else if ( XMLUtil::StringEqual( p, dtdHeader, dtdHeaderLen ) ) { + TIXMLASSERT( sizeof( XMLUnknown ) == _commentPool.ItemSize() ); returnNode = new (_commentPool.Alloc()) XMLUnknown( this ); returnNode->_memPool = &_commentPool; p += dtdHeaderLen; } else if ( XMLUtil::StringEqual( p, elementHeader, elementHeaderLen ) ) { + TIXMLASSERT( sizeof( XMLElement ) == _elementPool.ItemSize() ); returnNode = new (_elementPool.Alloc()) XMLElement( this ); returnNode->_memPool = &_elementPool; p += elementHeaderLen; } else { + TIXMLASSERT( sizeof( XMLText ) == _textPool.ItemSize() ); returnNode = new (_textPool.Alloc()) XMLText( this ); returnNode->_memPool = &_textPool; p = start; // Back it up, all the text counts. @@ -1423,6 +1429,7 @@ XMLAttribute* XMLElement::FindOrCreateAttribute( const char* name ) } } if ( !attrib ) { + TIXMLASSERT( sizeof( XMLAttribute ) == _document->_attributePool.ItemSize() ); attrib = new (_document->_attributePool.Alloc() ) XMLAttribute(); attrib->_memPool = &_document->_attributePool; if ( last ) { @@ -1472,6 +1479,7 @@ char* XMLElement::ParseAttributes( char* p ) // attribute. if (XMLUtil::IsNameStartChar( *p ) ) { + TIXMLASSERT( sizeof( XMLAttribute ) == _document->_attributePool.ItemSize() ); XMLAttribute* attrib = new (_document->_attributePool.Alloc() ) XMLAttribute(); attrib->_memPool = &_document->_attributePool; attrib->_memPool->SetTracked(); @@ -1693,6 +1701,7 @@ void XMLDocument::Clear() XMLElement* XMLDocument::NewElement( const char* name ) { + TIXMLASSERT( sizeof( XMLElement ) == _elementPool.ItemSize() ); XMLElement* ele = new (_elementPool.Alloc()) XMLElement( this ); ele->_memPool = &_elementPool; ele->SetName( name ); @@ -1702,6 +1711,7 @@ XMLElement* XMLDocument::NewElement( const char* name ) XMLComment* XMLDocument::NewComment( const char* str ) { + TIXMLASSERT( sizeof( XMLComment ) == _commentPool.ItemSize() ); XMLComment* comment = new (_commentPool.Alloc()) XMLComment( this ); comment->_memPool = &_commentPool; comment->SetValue( str ); @@ -1711,6 +1721,7 @@ XMLComment* XMLDocument::NewComment( const char* str ) XMLText* XMLDocument::NewText( const char* str ) { + TIXMLASSERT( sizeof( XMLText ) == _textPool.ItemSize() ); XMLText* text = new (_textPool.Alloc()) XMLText( this ); text->_memPool = &_textPool; text->SetValue( str ); @@ -1720,6 +1731,7 @@ XMLText* XMLDocument::NewText( const char* str ) XMLDeclaration* XMLDocument::NewDeclaration( const char* str ) { + TIXMLASSERT( sizeof( XMLDeclaration ) == _commentPool.ItemSize() ); XMLDeclaration* dec = new (_commentPool.Alloc()) XMLDeclaration( this ); dec->_memPool = &_commentPool; dec->SetValue( str ? str : "xml version=\"1.0\" encoding=\"UTF-8\"" ); @@ -1729,6 +1741,7 @@ XMLDeclaration* XMLDocument::NewDeclaration( const char* str ) XMLUnknown* XMLDocument::NewUnknown( const char* str ) { + TIXMLASSERT( sizeof( XMLUnknown ) == _commentPool.ItemSize() ); XMLUnknown* unk = new (_commentPool.Alloc()) XMLUnknown( this ); unk->_memPool = &_commentPool; unk->SetValue( str );