|
Oops, forgot to attach the patch!!! Sorry Hi, I am attaching a patch for memleak in InputPush function in case realloc fails. realloc was being done on the original pointer, and inputstream was not being freed in case of failure. Also returning from functions calling xmlPushInput if memory failure has occurred (Not sure whther this is required in all cases).
Another query is for a lot of places where Inputpush function is invoked the return value is not checked, from what I could make out this is because at the time of context creation the number of input streams is set to 5, and since push is being called directly afterwards, the number of streams will not be more than 5 and thus the realloc block inside inputPush will not be hit. So perhaps that is why memory failure is not expected in those paths.
Regards Ashwin
|
*** parser.c 2008-04-02 09:52:52.000000000 +0530
--- parserfix.c 2008-04-01 13:46:48.000000000 +0530
*************** xmlEntityPtr xmlParseStringEntityRef(xml
*** 1234,1240 ****
static int
nsPush(xmlParserCtxtPtr ctxt, const xmlChar *prefix, const xmlChar *URL)
{
- const xmlChar **ppszNsTabTemp;
if (ctxt->options & XML_PARSE_NSCLEAN) {
int i;
for (i = 0;i < ctxt->nsNr;i += 2) {
--- 1234,1239 ----
*************** nsPush(xmlParserCtxtPtr ctxt, const xmlC
*** 1259,1265 ****
}
} else if (ctxt->nsNr >= ctxt->nsMax) {
ctxt->nsMax *= 2;
! ppszNsTabTemp = (const xmlChar **)
xmlRealloc((char *) ctxt->nsTab,
ctxt->nsMax * sizeof(ctxt->nsTab[0]));
if (ctxt->nsTab == NULL) {
--- 1258,1264 ----
}
} else if (ctxt->nsNr >= ctxt->nsMax) {
ctxt->nsMax *= 2;
! ctxt->nsTab = (const xmlChar **)
xmlRealloc((char *) ctxt->nsTab,
ctxt->nsMax * sizeof(ctxt->nsTab[0]));
if (ctxt->nsTab == NULL) {
*************** nsPush(xmlParserCtxtPtr ctxt, const xmlC
*** 1267,1273 ****
ctxt->nsMax /= 2;
return (-1);
}
- ctxt->nsTab = ppszNsTabTemp;
}
ctxt->nsTab[ctxt->nsNr++] = prefix;
ctxt->nsTab[ctxt->nsNr++] = URL;
--- 1266,1271 ----
*************** mem_error:
*** 1349,1369 ****
int
inputPush(xmlParserCtxtPtr ctxt, xmlParserInputPtr value)
{
- xmlParserInputPtr *ppstParserInput = 0;
if ((ctxt == NULL) || (value == NULL))
return(0);
if (ctxt->inputNr >= ctxt->inputMax) {
ctxt->inputMax *= 2;
! ppstParserInput =
(xmlParserInputPtr *) xmlRealloc(ctxt->inputTab,
ctxt->inputMax *
sizeof(ctxt->inputTab[0]));
! if (ppstParserInput == NULL) {
xmlErrMemory(ctxt, NULL);
- xmlFreeInputStream(value);
return (0);
}
- ctxt->inputTab = ppstParserInput;
}
ctxt->inputTab[ctxt->inputNr] = value;
ctxt->input = value;
--- 1347,1364 ----
int
inputPush(xmlParserCtxtPtr ctxt, xmlParserInputPtr value)
{
if ((ctxt == NULL) || (value == NULL))
return(0);
if (ctxt->inputNr >= ctxt->inputMax) {
ctxt->inputMax *= 2;
! ctxt->inputTab =
(xmlParserInputPtr *) xmlRealloc(ctxt->inputTab,
ctxt->inputMax *
sizeof(ctxt->inputTab[0]));
! if (ctxt->inputTab == NULL) {
xmlErrMemory(ctxt, NULL);
return (0);
}
}
ctxt->inputTab[ctxt->inputNr] = value;
ctxt->input = value;
*************** namePop(xmlParserCtxtPtr ctxt)
*** 1590,1605 ****
}
static int spacePush(xmlParserCtxtPtr ctxt, int val) {
- int *iSpaceTabTemp;
if (ctxt->spaceNr >= ctxt->spaceMax) {
ctxt->spaceMax *= 2;
! iSpaceTabTemp = (int *) xmlRealloc(ctxt->spaceTab,
ctxt->spaceMax * sizeof(ctxt->spaceTab[0]));
if (ctxt->spaceTab == NULL) {
xmlErrMemory(ctxt, NULL);
return(0);
}
- ctxt->spaceTab = iSpaceTabTemp;
}
ctxt->spaceTab[ctxt->spaceNr] = val;
ctxt->space = &ctxt->spaceTab[ctxt->spaceNr];
--- 1585,1598 ----
}
static int spacePush(xmlParserCtxtPtr ctxt, int val) {
if (ctxt->spaceNr >= ctxt->spaceMax) {
ctxt->spaceMax *= 2;
! ctxt->spaceTab = (int *) xmlRealloc(ctxt->spaceTab,
ctxt->spaceMax * sizeof(ctxt->spaceTab[0]));
if (ctxt->spaceTab == NULL) {
xmlErrMemory(ctxt, NULL);
return(0);
}
}
ctxt->spaceTab[ctxt->spaceNr] = val;
ctxt->space = &ctxt->spaceTab[ctxt->spaceNr];
*************** xmlParserHandlePEReference(xmlParserCtxt
*** 2247,2254 ****
} else if (ctxt->input->free != deallocblankswrapper) {
input = xmlNewBlanksWrapperInputStream(ctxt, entity);
xmlPushInput(ctxt, input);
- if (ctxt->errNo == XML_ERR_NO_MEMORY)
- return;
} else {
if ((entity->etype == XML_INTERNAL_PARAMETER_ENTITY) ||
(entity->etype == XML_EXTERNAL_PARAMETER_ENTITY)) {
--- 2240,2245 ----
*************** xmlParserHandlePEReference(xmlParserCtxt
*** 2262,2269 ****
*/
input = xmlNewEntityInputStream(ctxt, entity);
xmlPushInput(ctxt, input);
- if (ctxt->errNo == XML_ERR_NO_MEMORY)
- return;
/*
* Get the 4 first bytes and decode the charset
--- 2253,2258 ----
*************** xmlParsePEReference(xmlParserCtxtPtr ctx
*** 6955,6962 ****
input =
xmlNewBlanksWrapperInputStream(ctxt, entity);
xmlPushInput(ctxt, input);
- if (ctxt->errNo == XML_ERR_NO_MEMORY)
- return;
} else {
/*
* TODO !!!
--- 6944,6949 ----
*************** xmlParsePEReference(xmlParserCtxtPtr ctx
*** 6965,6972 ****
*/
input = xmlNewEntityInputStream(ctxt, entity);
xmlPushInput(ctxt, input);
- if (ctxt->errNo == XML_ERR_NO_MEMORY)
- return;
if ((entity->etype == XML_EXTERNAL_PARAMETER_ENTITY) &&
(CMP5(CUR_PTR, '<', '?', 'x', 'm', 'l')) &&
(IS_BLANK_CH(NXT(5)))) {
--- 6952,6957 ----
*************** xmlLoadEntityContent(xmlParserCtxtPtr ct
*** 7042,7049 ****
* saving to the buffer until the end of the entity or an error
*/
xmlPushInput(ctxt, input);
- if (ctxt->errNo == XML_ERR_NO_MEMORY)
- return;
GROW;
c = CUR_CHAR(l);
while ((ctxt->input == input) && (ctxt->input->cur < ctxt->input->end) &&
--- 7027,7032 ----
*************** xmlIOParseDTD(xmlSAXHandlerPtr sax, xmlP
*** 11245,11252 ****
* plug some encoding conversion routines here.
*/
xmlPushInput(ctxt, pinput);
- if (ctxt->errNo == XML_ERR_NO_MEMORY)
- return;
if (enc != XML_CHAR_ENCODING_NONE) {
xmlSwitchEncoding(ctxt, enc);
}
--- 11228,11233 ----
*************** xmlSAXParseDTD(xmlSAXHandlerPtr sax, con
*** 11376,11383 ****
* plug some encoding conversion routines here.
*/
xmlPushInput(ctxt, input);
- if (ctxt->errNo == XML_ERR_NO_MEMORY)
- return;
if ((ctxt->input->end - ctxt->input->cur) >= 4) {
enc = xmlDetectCharEncoding(ctxt->input->cur, 4);
xmlSwitchEncoding(ctxt, enc);
--- 11357,11362 ----