A very recent download (this week) has

```cpp
void XMLPrinter::Write( const char* data, size_t size )
{
    if ( _fp ) {
        fwrite ( data , sizeof(char), size, _fp);
    }
    else {
        char* p = _buffer.PushArr( static_cast<int>(size) ) - 1;   // back up over the null terminator.
        memcpy( p, data, size );
        p[size] = 0;
    }
}
```

On many platforms, int is 32 bit but size_t is 64 bit. That static_cast<int>(size) could result in an integer much smaller than the original size, meaning the later memcpy() has a good chance of trashing memory.

It may be that the tinyxml2 code would never call Write() with a size that large, but since Write is protected (not private), some class derived from XMLPrinter could do so.

It is not clear to me what the static_cast accomplishes, since PushArr expects a size_t argument.
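The narrowing described in this issue, shown as an added example that is not part of the original report or of tinyxml2's code: it computes what the cast hands to the buffer for an oversized request and shows a write that rejects such a request before any copy happens. `Buffer`, `ReservedByCast` and `CheckedWrite` are hypothetical names, and the code assumes a 64-bit size_t with a 32-bit int.

```cpp
#include <climits>
#include <cstddef>
#include <cstdio>
#include <cstring>
#include <vector>
using std::size_t;

static_assert(sizeof(size_t) > sizeof(int), "example assumes 64-bit size_t, 32-bit int");

// Hypothetical stand-in for the printer's buffer (not tinyxml2's DynArray).
// Like the buffer in the quoted Write(), it always ends in a NUL terminator.
struct Buffer {
    std::vector<char> bytes{ '\0' };
    char* PushArr(int count) {            // grow by count, return the new region
        size_t old = bytes.size();
        bytes.resize(old + static_cast<size_t>(count));
        return bytes.data() + old;
    }
};

// Byte count the cast hands to PushArr for a request of `size` bytes.
// Out-of-range values wrap modulo 2^32 (guaranteed from C++20, and what
// mainstream compilers did before that).
long long ReservedByCast(size_t size) { return static_cast<int>(size); }

// Write() with a range check added: reject any size the cast would change.
bool CheckedWrite(Buffer& buf, const char* data, size_t size) {
    if (size > static_cast<size_t>(INT_MAX) - buf.bytes.size()) {
        return false;                     // would truncate or overflow the buffer size
    }
    char* p = buf.PushArr(static_cast<int>(size)) - 1;  // back up over the NUL
    std::memcpy(p, data, size);
    p[size] = 0;
    return true;
}

int main() {
    const size_t big = (static_cast<size_t>(1) << 32) + 16;   // constructed size
    std::printf("requested %zu, reserved %lld\n", big, ReservedByCast(big));
    Buffer buf;
    std::printf("small write ok: %d\n", CheckedWrite(buf, "<a/>", 4));
    std::printf("huge write ok:  %d\n", CheckedWrite(buf, "<a/>", big));
    return 0;
}
```
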