[Playlist] dont use istream directly to a tinyxml structure #20306
+5
−1
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Description
Turn istream into a std::string to handle large buffers #20305
Motivation and context
Fixes #20305
the >> operator of istream does no bounds checking and hangs/eventually crashes with large inputs as seen with the POC provided. Instead look to bring the istream into a std::string and then parse the string with tinyxml into the CXBMCTinyXML structure.
How has this been tested?
OSX with the provided POC in #20305, and another "good" sample asx file.
The POC errors out with the xmldoc.Error check. Good sample is processed correctly.
What is the effect on users?
No crash with a malicious asx file
Screenshots (if appropriate):
Types of change
Checklist: