diff options
| author | arseny.kapoulkine@gmail.com <arseny.kapoulkine@gmail.com@99668b35-9821-0410-8761-19e4c4f06640> | 2013-03-20 02:44:05 +0000 |
|---|---|---|
| committer | arseny.kapoulkine@gmail.com <arseny.kapoulkine@gmail.com@99668b35-9821-0410-8761-19e4c4f06640> | 2013-03-20 02:44:05 +0000 |
| commit | 4e1add1a462980cd6d12eae9adf53986db8df0b8 (patch) | |
| tree | c232e59e070d90e2a8b31d408c38ebdc2ebbd881 | |
| parent | 28def6fbcaa5c9eb92f23d70ce2b74339cfdeee7 (diff) | |
Fix invalid assertion in XPath: reallocation can result in allocating buffer of the same size due to pointer-sized alignment
git-svn-id: http://pugixml.googlecode.com/svn/trunk@946 99668b35-9821-0410-8761-19e4c4f06640
| -rw-r--r-- | src/pugixml.cpp | 2 | ||||
| -rw-r--r-- | tests/test_xpath.cpp | 14 |
2 files changed, 15 insertions, 1 deletions
diff --git a/src/pugixml.cpp b/src/pugixml.cpp index 66493ab..a0b3241 100644 --- a/src/pugixml.cpp +++ b/src/pugixml.cpp @@ -5825,7 +5825,7 @@ PUGI__NS_BEGIN if (result != ptr && ptr) { // copy old data - assert(new_size > old_size); + assert(new_size >= old_size); memcpy(result, ptr, old_size); // free the previous page if it had no other objects diff --git a/tests/test_xpath.cpp b/tests/test_xpath.cpp index 526854a..7f74578 100644 --- a/tests/test_xpath.cpp +++ b/tests/test_xpath.cpp @@ -420,4 +420,18 @@ TEST_XML(xpath_out_of_memory_evaluate_predicate, "<node><a/><a/><a/><a/><a/><a/> #endif } +TEST(xpath_memory_concat_massive) +{ + pugi::xml_document doc; + pugi::xml_node node = doc.append_child(STR("node")); + + for (int i = 0; i < 5000; ++i) + node.append_child(STR("c")).text().set(i % 10); + + pugi::xpath_query q(STR("/")); + size_t size = q.evaluate_string(0, 0, node); + + CHECK(size == 5001); +} + #endif |