1 /*
2 * Copyright 2006 The Android Open Source Project
3 *
4 * Use of this source code is governed by a BSD-style license that can be
5 * found in the LICENSE file.
6 */
7
8 #include "include/core/SkStream.h"
9 #include "include/core/SkString.h"
10 #include "include/core/SkTypes.h"
11 #include "include/private/base/SkTemplates.h"
12 #include "include/private/base/SkTo.h"
13 #include "src/xml/SkXMLParser.h"
14
15 #include <expat.h>
16
17 #include <vector>
18
19 static char const* const gErrorStrings[] = {
20 "empty or missing file ",
21 "unknown element ",
22 "unknown attribute name ",
23 "error in attribute value ",
24 "duplicate ID ",
25 "unknown error "
26 };
27
SkXMLParserError()28 SkXMLParserError::SkXMLParserError() : fCode(kNoError), fLineNumber(-1),
29 fNativeCode(-1)
30 {
31 reset();
32 }
33
~SkXMLParserError()34 SkXMLParserError::~SkXMLParserError()
35 {
36 // need a virtual destructor for our subclasses
37 }
38
getErrorString(SkString * str) const39 void SkXMLParserError::getErrorString(SkString* str) const
40 {
41 SkASSERT(str);
42 SkString temp;
43 if (fCode != kNoError) {
44 if ((unsigned)fCode < std::size(gErrorStrings))
45 temp.set(gErrorStrings[fCode - 1]);
46 temp.append(fNoun);
47 } else
48 SkXMLParser::GetNativeErrorString(fNativeCode, &temp);
49 str->append(temp);
50 }
51
reset()52 void SkXMLParserError::reset() {
53 fCode = kNoError;
54 fLineNumber = -1;
55 fNativeCode = -1;
56 }
57
58 ////////////////
59
60 namespace {
61
62 constexpr const void* kHashSeed = &kHashSeed;
63
64 const XML_Memory_Handling_Suite sk_XML_alloc = {
65 sk_malloc_throw,
66 sk_realloc_throw,
67 sk_free
68 };
69
70 struct ParsingContext {
ParsingContext__anonbcbf8b420111::ParsingContext71 ParsingContext(SkXMLParser* parser)
72 : fParser(parser)
73 , fXMLParser(XML_ParserCreate_MM(nullptr, &sk_XML_alloc, nullptr)) { }
74
flushText__anonbcbf8b420111::ParsingContext75 void flushText() {
76 if (!fBufferedText.empty()) {
77 fParser->text(fBufferedText.data(), SkTo<int>(fBufferedText.size()));
78 fBufferedText.clear();
79 }
80 }
81
appendText__anonbcbf8b420111::ParsingContext82 void appendText(const char* txt, size_t len) {
83 fBufferedText.insert(fBufferedText.end(), txt, &txt[len]);
84 }
85
86 SkXMLParser* fParser;
87 SkAutoTCallVProc<std::remove_pointer_t<XML_Parser>, XML_ParserFree> fXMLParser;
88
89 private:
90 std::vector<char> fBufferedText;
91 };
92
93 #define HANDLER_CONTEXT(arg, name) ParsingContext* name = static_cast<ParsingContext*>(arg)
94
start_element_handler(void * data,const char * tag,const char ** attributes)95 void XMLCALL start_element_handler(void *data, const char* tag, const char** attributes) {
96 HANDLER_CONTEXT(data, ctx);
97 ctx->flushText();
98
99 ctx->fParser->startElement(tag);
100
101 for (size_t i = 0; attributes[i]; i += 2) {
102 ctx->fParser->addAttribute(attributes[i], attributes[i + 1]);
103 }
104 }
105
end_element_handler(void * data,const char * tag)106 void XMLCALL end_element_handler(void* data, const char* tag) {
107 HANDLER_CONTEXT(data, ctx);
108 ctx->flushText();
109
110 ctx->fParser->endElement(tag);
111 }
112
text_handler(void * data,const char * txt,int len)113 void XMLCALL text_handler(void *data, const char* txt, int len) {
114 HANDLER_CONTEXT(data, ctx);
115
116 ctx->appendText(txt, SkTo<size_t>(len));
117 }
118
entity_decl_handler(void * data,const XML_Char * entityName,int is_parameter_entity,const XML_Char * value,int value_length,const XML_Char * base,const XML_Char * systemId,const XML_Char * publicId,const XML_Char * notationName)119 void XMLCALL entity_decl_handler(void *data,
120 const XML_Char *entityName,
121 int is_parameter_entity,
122 const XML_Char *value,
123 int value_length,
124 const XML_Char *base,
125 const XML_Char *systemId,
126 const XML_Char *publicId,
127 const XML_Char *notationName) {
128 HANDLER_CONTEXT(data, ctx);
129
130 SkDEBUGF("'%s' entity declaration found, stopping processing", entityName);
131 XML_StopParser(ctx->fXMLParser, XML_FALSE);
132 }
133
134 } // anonymous namespace
135
SkXMLParser(SkXMLParserError * parserError)136 SkXMLParser::SkXMLParser(SkXMLParserError* parserError) : fParser(nullptr), fError(parserError)
137 {
138 }
139
~SkXMLParser()140 SkXMLParser::~SkXMLParser()
141 {
142 }
143
parse(SkStream & docStream)144 bool SkXMLParser::parse(SkStream& docStream)
145 {
146 ParsingContext ctx(this);
147 if (!ctx.fXMLParser) {
148 SkDEBUGF("could not create XML parser\n");
149 return false;
150 }
151
152 // Avoid calls to rand_s if this is not set. This seed helps prevent DOS
153 // with a known hash sequence so an address is sufficient. The provided
154 // seed should not be zero as that results in a call to rand_s.
155 unsigned long seed = static_cast<unsigned long>(
156 reinterpret_cast<size_t>(kHashSeed) & 0xFFFFFFFF);
157 XML_SetHashSalt(ctx.fXMLParser, seed ? seed : 1);
158
159 XML_SetUserData(ctx.fXMLParser, &ctx);
160 XML_SetElementHandler(ctx.fXMLParser, start_element_handler, end_element_handler);
161 XML_SetCharacterDataHandler(ctx.fXMLParser, text_handler);
162
163 // Disable entity processing, to inhibit internal entity expansion. See expat CVE-2013-0340.
164 XML_SetEntityDeclHandler(ctx.fXMLParser, entity_decl_handler);
165
166 XML_Status status = XML_STATUS_OK;
167 if (docStream.getMemoryBase() && docStream.hasLength()) {
168 const char* base = reinterpret_cast<const char*>(docStream.getMemoryBase());
169 status = XML_Parse(ctx.fXMLParser,
170 base + docStream.getPosition(),
171 docStream.getLength() - docStream.getPosition(),
172 true);
173 } else {
174 static constexpr int kBufferSize = 4096;
175 bool done = false;
176 do {
177 void* buffer = XML_GetBuffer(ctx.fXMLParser, kBufferSize);
178 if (!buffer) {
179 SkDEBUGF("could not buffer enough to continue\n");
180 return false;
181 }
182
183 size_t len = docStream.read(buffer, kBufferSize);
184 done = docStream.isAtEnd();
185 status = XML_ParseBuffer(ctx.fXMLParser, SkToS32(len), done);
186 if (XML_STATUS_ERROR == status) {
187 break;
188 }
189 } while (!done);
190 }
191 if (XML_STATUS_ERROR == status) {
192 #if defined(SK_DEBUG)
193 XML_Error error = XML_GetErrorCode(ctx.fXMLParser);
194 int line = XML_GetCurrentLineNumber(ctx.fXMLParser);
195 int column = XML_GetCurrentColumnNumber(ctx.fXMLParser);
196 const XML_LChar* errorString = XML_ErrorString(error);
197 SkDEBUGF("parse error @%d:%d: %d (%s).\n", line, column, error, errorString);
198 #endif
199 return false;
200 }
201
202 return true;
203 }
204
parse(const char doc[],size_t len)205 bool SkXMLParser::parse(const char doc[], size_t len)
206 {
207 SkMemoryStream docStream(doc, len);
208 return this->parse(docStream);
209 }
210
GetNativeErrorString(int error,SkString * str)211 void SkXMLParser::GetNativeErrorString(int error, SkString* str)
212 {
213
214 }
215
startElement(const char elem[])216 bool SkXMLParser::startElement(const char elem[])
217 {
218 return this->onStartElement(elem);
219 }
220
addAttribute(const char name[],const char value[])221 bool SkXMLParser::addAttribute(const char name[], const char value[])
222 {
223 return this->onAddAttribute(name, value);
224 }
225
endElement(const char elem[])226 bool SkXMLParser::endElement(const char elem[])
227 {
228 return this->onEndElement(elem);
229 }
230
text(const char text[],int len)231 bool SkXMLParser::text(const char text[], int len)
232 {
233 return this->onText(text, len);
234 }
235
236 ////////////////////////////////////////////////////////////////////////////////
237
onStartElement(const char elem[])238 bool SkXMLParser::onStartElement(const char elem[]) {return false; }
onAddAttribute(const char name[],const char value[])239 bool SkXMLParser::onAddAttribute(const char name[], const char value[]) {return false; }
onEndElement(const char elem[])240 bool SkXMLParser::onEndElement(const char elem[]) { return false; }
onText(const char text[],int len)241 bool SkXMLParser::onText(const char text[], int len) {return false; }
242