Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

xmldocument::save: use encoding interpreted by get_write_encoding in buffered_writer constructor #621

Merged
merged 1 commit into from
Jul 8, 2024

Conversation

aral-matrix
Copy link

This is a preemptive patch, for something that is currently not a bug, but could become one in the future.

xml_document::save currently constructs buffered_writer with parameter encoding:
https://github.com/zeux/pugixml/blob/master/src/pugixml.cpp#L7459

The xml_buffered_writer constructor then invokes get_write_encoding to interpret that user_encoding:
https://github.com/zeux/pugixml/blob/master/src/pugixml.cpp#L3753

get_write_encoding can modify the value of encoding (that is subsequently used to initialize buffered_writer.encoding)
https://github.com/zeux/pugixml/blob/master/src/pugixml.cpp#L3618

xml_document::save proceeds to perform two checks on the unmodified local function parameter encoding:
https://github.com/zeux/pugixml/blob/master/src/pugixml.cpp#L7463 (encoding != encoding_latin1)
and
https://github.com/zeux/pugixml/blob/master/src/pugixml.cpp#L7477 (encoding == encoding_latin1)

This implementation could cause a bug in the future, if either of the following becomes true:

  1. encoding_latin1 is modified to a different encoding in get_write_encoding
  2. any other encoding is modified to encoding_latin1
  3. a similar check is added in xml_document::save on any other encoding that is translated either to a different value or from a different value in get_write_encoding, meaning that the check would then act on the non-interpreted function parameter, possibly triggering an action for the wrong encoding

This patch implements the two checks on the interpreted buffered_writer.encoding member variable instead of the unmodified function parameter encoding.

@zeux zeux merged commit 30cc354 into zeux:master Jul 8, 2024
22 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants