| 1 | /* |
|---|
| 2 | * Copyright 2006 The Android Open Source Project |
|---|
| 3 | * |
|---|
| 4 | * Use of this source code is governed by a BSD-style license that can be |
|---|
| 5 | * found in the LICENSE file. |
|---|
| 6 | */ |
|---|
| 7 | |
|---|
| 8 | #include "include/core/SkStream.h" |
|---|
| 9 | #include "include/core/SkString.h" |
|---|
| 10 | #include "include/core/SkTypes.h" |
|---|
| 11 | #include "include/private/base/SkTemplates.h" |
|---|
| 12 | #include "include/private/base/SkTo.h" |
|---|
| 13 | #include "src/xml/SkXMLParser.h" |
|---|
| 14 | |
|---|
| 15 | #include <expat.h> |
|---|
| 16 | |
|---|
| 17 | #include <vector> |
|---|
| 18 | |
|---|
| 19 | static char const* const gErrorStrings[] = { |
|---|
| 20 | "empty or missing file " , |
|---|
| 21 | "unknown element " , |
|---|
| 22 | "unknown attribute name " , |
|---|
| 23 | "error in attribute value " , |
|---|
| 24 | "duplicate ID " , |
|---|
| 25 | "unknown error " |
|---|
| 26 | }; |
|---|
| 27 | |
|---|
| 28 | SkXMLParserError::SkXMLParserError() : fCode(kNoError), fLineNumber(-1), |
|---|
| 29 | fNativeCode(-1) |
|---|
| 30 | { |
|---|
| 31 | reset(); |
|---|
| 32 | } |
|---|
| 33 | |
|---|
| 34 | SkXMLParserError::~SkXMLParserError() |
|---|
| 35 | { |
|---|
| 36 | // need a virtual destructor for our subclasses |
|---|
| 37 | } |
|---|
| 38 | |
|---|
| 39 | void SkXMLParserError::getErrorString(SkString* str) const |
|---|
| 40 | { |
|---|
| 41 | SkASSERT(str); |
|---|
| 42 | SkString temp; |
|---|
| 43 | if (fCode != kNoError) { |
|---|
| 44 | if ((unsigned)fCode < std::size(gErrorStrings)) |
|---|
| 45 | temp.set(gErrorStrings[fCode - 1]); |
|---|
| 46 | temp.append(str: fNoun); |
|---|
| 47 | } else |
|---|
| 48 | SkXMLParser::GetNativeErrorString(nativeErrorCode: fNativeCode, str: &temp); |
|---|
| 49 | str->append(str: temp); |
|---|
| 50 | } |
|---|
| 51 | |
|---|
| 52 | void SkXMLParserError::reset() { |
|---|
| 53 | fCode = kNoError; |
|---|
| 54 | fLineNumber = -1; |
|---|
| 55 | fNativeCode = -1; |
|---|
| 56 | } |
|---|
| 57 | |
|---|
| 58 | //////////////// |
|---|
| 59 | |
|---|
| 60 | namespace { |
|---|
| 61 | |
|---|
| 62 | constexpr const void* kHashSeed = &kHashSeed; |
|---|
| 63 | |
|---|
| 64 | const XML_Memory_Handling_Suite sk_XML_alloc = { |
|---|
| 65 | .malloc_fcn: sk_malloc_throw, |
|---|
| 66 | .realloc_fcn: sk_realloc_throw, |
|---|
| 67 | .free_fcn: sk_free |
|---|
| 68 | }; |
|---|
| 69 | |
|---|
| 70 | struct ParsingContext { |
|---|
| 71 | ParsingContext(SkXMLParser* parser) |
|---|
| 72 | : fParser(parser) |
|---|
| 73 | , fXMLParser(XML_ParserCreate_MM(encoding: nullptr, memsuite: &sk_XML_alloc, namespaceSeparator: nullptr)) { } |
|---|
| 74 | |
|---|
| 75 | void flushText() { |
|---|
| 76 | if (!fBufferedText.empty()) { |
|---|
| 77 | fParser->text(text: fBufferedText.data(), len: SkTo<int>(s: fBufferedText.size())); |
|---|
| 78 | fBufferedText.clear(); |
|---|
| 79 | } |
|---|
| 80 | } |
|---|
| 81 | |
|---|
| 82 | void appendText(const char* txt, size_t len) { |
|---|
| 83 | fBufferedText.insert(position: fBufferedText.end(), first: txt, last: &txt[len]); |
|---|
| 84 | } |
|---|
| 85 | |
|---|
| 86 | SkXMLParser* fParser; |
|---|
| 87 | SkAutoTCallVProc<std::remove_pointer_t<XML_Parser>, XML_ParserFree> fXMLParser; |
|---|
| 88 | |
|---|
| 89 | private: |
|---|
| 90 | std::vector<char> fBufferedText; |
|---|
| 91 | }; |
|---|
| 92 | |
|---|
| 93 | #define HANDLER_CONTEXT(arg, name) ParsingContext* name = static_cast<ParsingContext*>(arg) |
|---|
| 94 | |
|---|
| 95 | void XMLCALL start_element_handler(void *data, const char* tag, const char** attributes) { |
|---|
| 96 | HANDLER_CONTEXT(data, ctx); |
|---|
| 97 | ctx->flushText(); |
|---|
| 98 | |
|---|
| 99 | ctx->fParser->startElement(elem: tag); |
|---|
| 100 | |
|---|
| 101 | for (size_t i = 0; attributes[i]; i += 2) { |
|---|
| 102 | ctx->fParser->addAttribute(name: attributes[i], value: attributes[i + 1]); |
|---|
| 103 | } |
|---|
| 104 | } |
|---|
| 105 | |
|---|
| 106 | void XMLCALL end_element_handler(void* data, const char* tag) { |
|---|
| 107 | HANDLER_CONTEXT(data, ctx); |
|---|
| 108 | ctx->flushText(); |
|---|
| 109 | |
|---|
| 110 | ctx->fParser->endElement(elem: tag); |
|---|
| 111 | } |
|---|
| 112 | |
|---|
| 113 | void XMLCALL text_handler(void *data, const char* txt, int len) { |
|---|
| 114 | HANDLER_CONTEXT(data, ctx); |
|---|
| 115 | |
|---|
| 116 | ctx->appendText(txt, len: SkTo<size_t>(s: len)); |
|---|
| 117 | } |
|---|
| 118 | |
|---|
| 119 | void XMLCALL entity_decl_handler(void *data, |
|---|
| 120 | const XML_Char *entityName, |
|---|
| 121 | int is_parameter_entity, |
|---|
| 122 | const XML_Char *value, |
|---|
| 123 | int value_length, |
|---|
| 124 | const XML_Char *base, |
|---|
| 125 | const XML_Char *systemId, |
|---|
| 126 | const XML_Char *publicId, |
|---|
| 127 | const XML_Char *notationName) { |
|---|
| 128 | HANDLER_CONTEXT(data, ctx); |
|---|
| 129 | |
|---|
| 130 | SkDEBUGF("'%s' entity declaration found, stopping processing" , entityName); |
|---|
| 131 | XML_StopParser(parser: ctx->fXMLParser, XML_FALSE); |
|---|
| 132 | } |
|---|
| 133 | |
|---|
| 134 | } // anonymous namespace |
|---|
| 135 | |
|---|
| 136 | SkXMLParser::SkXMLParser(SkXMLParserError* parserError) : fParser(nullptr), fError(parserError) |
|---|
| 137 | { |
|---|
| 138 | } |
|---|
| 139 | |
|---|
| 140 | SkXMLParser::~SkXMLParser() |
|---|
| 141 | { |
|---|
| 142 | } |
|---|
| 143 | |
|---|
| 144 | bool SkXMLParser::parse(SkStream& docStream) |
|---|
| 145 | { |
|---|
| 146 | ParsingContext ctx(this); |
|---|
| 147 | if (!ctx.fXMLParser) { |
|---|
| 148 | SkDEBUGF("could not create XML parser\n" ); |
|---|
| 149 | return false; |
|---|
| 150 | } |
|---|
| 151 | |
|---|
| 152 | // Avoid calls to rand_s if this is not set. This seed helps prevent DOS |
|---|
| 153 | // with a known hash sequence so an address is sufficient. The provided |
|---|
| 154 | // seed should not be zero as that results in a call to rand_s. |
|---|
| 155 | unsigned long seed = static_cast<unsigned long>( |
|---|
| 156 | reinterpret_cast<size_t>(kHashSeed) & 0xFFFFFFFF); |
|---|
| 157 | XML_SetHashSalt(parser: ctx.fXMLParser, hash_salt: seed ? seed : 1); |
|---|
| 158 | |
|---|
| 159 | XML_SetUserData(parser: ctx.fXMLParser, userData: &ctx); |
|---|
| 160 | XML_SetElementHandler(parser: ctx.fXMLParser, start: start_element_handler, end: end_element_handler); |
|---|
| 161 | XML_SetCharacterDataHandler(parser: ctx.fXMLParser, handler: text_handler); |
|---|
| 162 | |
|---|
| 163 | // Disable entity processing, to inhibit internal entity expansion. See expat CVE-2013-0340. |
|---|
| 164 | XML_SetEntityDeclHandler(parser: ctx.fXMLParser, handler: entity_decl_handler); |
|---|
| 165 | |
|---|
| 166 | static constexpr int kBufferSize = 4096; |
|---|
| 167 | bool done = false; |
|---|
| 168 | do { |
|---|
| 169 | void* buffer = XML_GetBuffer(parser: ctx.fXMLParser, len: kBufferSize); |
|---|
| 170 | if (!buffer) { |
|---|
| 171 | SkDEBUGF("could not buffer enough to continue\n" ); |
|---|
| 172 | return false; |
|---|
| 173 | } |
|---|
| 174 | |
|---|
| 175 | size_t len = docStream.read(buffer, size: kBufferSize); |
|---|
| 176 | done = docStream.isAtEnd(); |
|---|
| 177 | XML_Status status = XML_ParseBuffer(parser: ctx.fXMLParser, len: SkToS32(x: len), isFinal: done); |
|---|
| 178 | if (XML_STATUS_ERROR == status) { |
|---|
| 179 | #if defined(SK_DEBUG) |
|---|
| 180 | XML_Error error = XML_GetErrorCode(parser: ctx.fXMLParser); |
|---|
| 181 | int line = XML_GetCurrentLineNumber(parser: ctx.fXMLParser); |
|---|
| 182 | int column = XML_GetCurrentColumnNumber(parser: ctx.fXMLParser); |
|---|
| 183 | const XML_LChar* errorString = XML_ErrorString(code: error); |
|---|
| 184 | SkDEBUGF("parse error @%d:%d: %d (%s).\n" , line, column, error, errorString); |
|---|
| 185 | #endif |
|---|
| 186 | return false; |
|---|
| 187 | } |
|---|
| 188 | } while (!done); |
|---|
| 189 | |
|---|
| 190 | return true; |
|---|
| 191 | } |
|---|
| 192 | |
|---|
| 193 | bool SkXMLParser::parse(const char doc[], size_t len) |
|---|
| 194 | { |
|---|
| 195 | SkMemoryStream docStream(doc, len); |
|---|
| 196 | return this->parse(docStream); |
|---|
| 197 | } |
|---|
| 198 | |
|---|
| 199 | void SkXMLParser::GetNativeErrorString(int error, SkString* str) |
|---|
| 200 | { |
|---|
| 201 | |
|---|
| 202 | } |
|---|
| 203 | |
|---|
| 204 | bool SkXMLParser::startElement(const char elem[]) |
|---|
| 205 | { |
|---|
| 206 | return this->onStartElement(elem); |
|---|
| 207 | } |
|---|
| 208 | |
|---|
| 209 | bool SkXMLParser::addAttribute(const char name[], const char value[]) |
|---|
| 210 | { |
|---|
| 211 | return this->onAddAttribute(name, value); |
|---|
| 212 | } |
|---|
| 213 | |
|---|
| 214 | bool SkXMLParser::endElement(const char elem[]) |
|---|
| 215 | { |
|---|
| 216 | return this->onEndElement(elem); |
|---|
| 217 | } |
|---|
| 218 | |
|---|
| 219 | bool SkXMLParser::text(const char text[], int len) |
|---|
| 220 | { |
|---|
| 221 | return this->onText(text, len); |
|---|
| 222 | } |
|---|
| 223 | |
|---|
| 224 | //////////////////////////////////////////////////////////////////////////////// |
|---|
| 225 | |
|---|
| 226 | bool SkXMLParser::onStartElement(const char elem[]) {return false; } |
|---|
| 227 | bool SkXMLParser::onAddAttribute(const char name[], const char value[]) {return false; } |
|---|
| 228 | bool SkXMLParser::onEndElement(const char elem[]) { return false; } |
|---|
| 229 | bool SkXMLParser::onText(const char text[], int len) {return false; } |
|---|
| 230 | |
|---|
