Apache Xerces C++

Crash in DOMRangeImpl::traverseSameContainer

We are encountering two crashes in DOMRangeImpl::traverseSameContainer. I am attaching the call stack of the crash for reference. At this point, we do not have much information regarding the specific XML file name or content being parsed when the Read more

Android's NDK compiler (a specific version of Clang) doesn't support RTTI of classes across dynamically loaded shared libraries unless the classes have "key functions."  See    https://developer.android.com/ndk/guides/common-problems#rttiexceptions_not_working_across_library_boundaries Read more

Header include test uses #if instead of #ifdef

When building xerces-c 3.2.4, it detects some system headers during the configuration step and then defines symbols if these are headers are found. If the headers are not found, the symbols are just not defined (instead of being defined to the value Read more

Yes, this is a fairly obscure feature that is disabled by default and is not very widely used, IME. As I understand, if enabled, the DOM nodes will contain "pointers" back to the corresponding XML Schema entities. So if you have, say, a DOMElement Read more

Segmentation fauilt in xerces parse when fgXercesDOMHasPSVIInfo is true

Thanks for the detailed description of the issue and the reproducer. Will try to take a look if/when I have time to see if this is something easy to fix.   My security assessment of this issue is as follows: I don't believe this segfault is likely Read more

Our application validates against a specific set of schemas, and when a new schema is added to the no namespace schema list, xerces segfaults with the following stack trace: #0  0x00007fd8817b2bca Read more

Uh, I just noticed you are talking about emojis in file name, not file content. I suspect the file opening API Xerces-C++ uses does not handle Unicode or Xerces-C++ doesn't pass the file name in correct encoding. You can probably work around this Read more