CodeQL (a code quality/security tool) points out a handful of alerts in tinyxml2.
In each of the seven Query*Text methods, the const char* t = FirstChild()->Value(); return value is not null-checked.
For example:
XMLError XMLElement::QueryIntText( int* ival ) const
{
if ( FirstChild() && FirstChild()->ToText() ) {
const char* t = FirstChild()->Value();
if ( XMLUtil::ToInt( t, ival ) ) {
return XML_SUCCESS;
}
return XML_CAN_NOT_CONVERT_TEXT;
}
return XML_NO_TEXT_NODE;
}
Likewise, in DeepClone(), the XMLNode* childClone = child->DeepClone(target); is not null-checked in release builds, although in debug builds the TIXMLASSERT() would detect it. If one of the child->DeepClone() fails, the shallow cloned object at the top should be deleted.
XMLNode* XMLNode::DeepClone(XMLDocument* target) const
{
XMLNode* clone = this->ShallowClone(target);
if (!clone) return 0;
for (const XMLNode* child = this->FirstChild(); child; child = child->NextSibling()) {
XMLNode* childClone = child->DeepClone(target);
TIXMLASSERT(childClone);
clone->InsertEndChild(childClone);
}
return clone;
}
CodeQL (a code quality/security tool) points out a handful of alerts in tinyxml2.
In each of the seven Query*Text methods, the
const char* t = FirstChild()->Value();return value is not null-checked.For example:
Likewise, in DeepClone(), the
XMLNode* childClone = child->DeepClone(target);is not null-checked in release builds, although in debug builds the TIXMLASSERT() would detect it. If one of the child->DeepClone() fails, the shallow cloned object at the top should be deleted.