PJLIB scanner and nul termination of XML.

Hi,

I'm using the PJLIB xml parser and testing my application with valgrind.

During XML parsing valgrind reports reads of uninitialized memory in
pj_scan_get_char() and pj_scan_skip_whitespace().

I'm passing the XML in a dynamically allocated buffer and the string
is not nul terminated.  My string length is correct and the buffer is
much larger than the string; it seems that pjlib's scanner is reading
past the end of the valid XML characters with the expectation that
there is a nul character written there to stop it reading further.

The extra read is harmless in most cases, but potentially the scanner
could escape and scan large amounts of memory for whitespace, or parse
extra fragments of XML that happened to be in adjacent memory.

The documentation for pj_scan_init() states that it will append the
nul terminator but it does not actually seem to do that.

The scanner obviously works well with SIP so I'm not sure of the best
option to fix the problem with XML, I could either:

- Just make sure the XML string to pj_xml_parse() is nul terminated.
- Add bounds checks to pj_scan_get_char() to ensure that curptr hasn't
passed the end (probably other places in scanner.c as well).

Thanks for your help,
Mark
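The two fixes listed in the post, side by side, as an added example that is not pjlib's code and not part of the original message. The toy scanner and every name in it (toy_scanner, toy_scan_init, toy_skip_ws_*, toy_get_char_bounded, copy_nul_terminated) are hypothetical stand-ins for the pjlib routines named above; the buffer contents are constructed so the overrun is visible without touching uninitialized memory.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Toy scanner written for this example (hypothetical, not pjlib's): it
 * models a scanner that stops only at a nul byte versus one that also
 * tracks the end of the valid input. */
typedef struct {
    const char *end;     /* one past the last valid byte of the input */
    const char *curptr;  /* current read position */
} toy_scanner;

static void toy_scan_init(toy_scanner *s, const char *buf, size_t len)
{
    s->end = buf + len;
    s->curptr = buf;
}

static int toy_is_ws(char c)
{
    return c == ' ' || c == '\t' || c == '\n' || c == '\r';
}

/* Nul-reliant: keeps reading until it sees '\0', ignoring the length it
 * was given. On a buffer without a nul it walks into adjacent memory,
 * which is the valgrind finding described in the post. */
static size_t toy_skip_ws_nul_reliant(toy_scanner *s)
{
    size_t n = 0;
    while (*s->curptr != '\0' && toy_is_ws(*s->curptr)) { s->curptr++; n++; }
    return n;
}

/* Bounds-checked: never dereferences at or beyond s->end. */
static size_t toy_skip_ws_bounded(toy_scanner *s)
{
    size_t n = 0;
    while (s->curptr < s->end && toy_is_ws(*s->curptr)) { s->curptr++; n++; }
    return n;
}

/* Bounds-checked get_char: -1 at end of input instead of reading on. */
static int toy_get_char_bounded(toy_scanner *s)
{
    if (s->curptr >= s->end) return -1;
    return (unsigned char)*s->curptr++;
}

/* Caller-side mitigation (the first option in the post): copy the XML into
 * a buffer one byte longer and nul terminate it before handing it to a
 * nul-reliant parser. Returns a malloc'd buffer the caller frees. */
static char *copy_nul_terminated(const char *src, size_t len)
{
    char *dst = malloc(len + 1);
    if (dst == NULL) return NULL;
    memcpy(dst, src, len);
    dst[len] = '\0';
    return dst;
}

/* Constructed input: 32 bytes, all spaces except a nul in the last byte.
 * Only the first 3 bytes are declared valid; the rest stands in for stale
 * adjacent memory that happens to contain whitespace. */
#define DEMO_BUFLEN 32
#define DEMO_VALID_LEN 3

/* Whitespace skipped by the nul-reliant scanner: 31, i.e. it ran past the
 * 3 valid bytes until it found the nul. */
static size_t demo_nul_reliant_count(void)
{
    char buf[DEMO_BUFLEN];
    toy_scanner s;
    memset(buf, ' ', DEMO_BUFLEN - 1);
    buf[DEMO_BUFLEN - 1] = '\0';
    toy_scan_init(&s, buf, DEMO_VALID_LEN);
    return toy_skip_ws_nul_reliant(&s);
}

/* Whitespace skipped by the bounded scanner: exactly 3, after which
 * get_char reports end of input. Returns 0 if get_char misbehaves. */
static size_t demo_bounded_count(void)
{
    char buf[DEMO_BUFLEN];
    toy_scanner s;
    size_t n;
    memset(buf, ' ', DEMO_BUFLEN - 1);
    buf[DEMO_BUFLEN - 1] = '\0';
    toy_scan_init(&s, buf, DEMO_VALID_LEN);
    n = toy_skip_ws_bounded(&s);
    return toy_get_char_bounded(&s) == -1 ? n : 0;
}

/* The copy helper yields a string whose strlen equals the declared length. */
static int demo_copy_is_terminated(void)
{
    const char xml[] = {'<', 'a', '/', '>'};   /* constructed, no trailing nul */
    char *copy = copy_nul_terminated(xml, sizeof xml);
    int ok = copy != NULL && strlen(copy) == sizeof xml;
    free(copy);
    return ok;
}
```

The nul-terminating copy is the cheap fix a caller can apply today; the bounded variants show the shape of the second option, where every read in the scanner is guarded by the end pointer so a missing terminator can at worst truncate the parse, not extend it.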
