Update property_tree submodule with XML parser fix #1102
Closed
+1
−1
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This updates the property_tree submodule to include the fix for use-of-uninitialized-value in xml_parser_read_rapidxml.hpp The fix adds proper stream validation before XML parsing.
Member
|
This fix needs to be applied in boostorg/property_tree, not here. Submodules are updated automatically by a script. |
Author
|
The fix as requested has been moved to: |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fix use-of-uninitialized-value in XML parser
Problem: MemorySanitizer detects use-of-uninitialized-value at line 96 in
xml_parser_read_rapidxml.hppwhen parsing malformed XML input through GraphML parser (issue boostorg/property_tree#131).Root cause: The XML parser attempts to read from streams that are in bad state or contain uninitialized data, which leads to undefined behavior in RapidXML.
Solution: Add early stream validation in
read_xml_internal():stream.good()before any operationsstream.peek() != eof()xml_parser_errorfor invalid inputsTesting: The fix resolves the MemorySanitizer warning while maintaining backward compatibility. Empty streams and bad stream states now throw clear exceptions instead of causing undefined behavior.
Files changed:
libs/property_treesubmodule updated with the security fixFixes: boostorg/property_tree#131