Re: [xml] Patch for Double Free in xmlNewEntityInputStream(parserInternals.c)



On Tue, Apr 29, 2008 at 09:53:39AM +0800, Ashwin wrote:



 It's surprising because that call is used quite frequently, e.g. in
the regression tests, but the entity URI is always NULL which is why this
was never raised during any of the existing tests...
 I applied and committed a version based on your patch,

Hi,
   Yes, it will not be NULL in a very weird case, somewhat similar to the
one for which there was a fix recently (SVN 3713). Suppose you have an XML
document with an external subset. In the external subset a parameter
entity (say E1) is defined whose replacement text is external using SYSTEM.
Then in the external subset you have another PE (E2) whose replacement text
is E1. In this case entity->URI will not be NULL and would lead to a double
free...

An extremely weird scenario!!! I don't think anyone would be twisted enough
to use PEs that way....

  If you could provide a set of data, I think this is weird enough
that this should be added to the test suite to avoid tripping on this
later,

  thanks !

Daniel

-- 
Red Hat Virtualization group http://redhat.com/virtualization/
Daniel Veillard      | virtualization library  http://libvirt.org/
veillard redhat com  | libxml GNOME XML XSLT toolkit  http://xmlsoft.org/
http://veillard.com/ | Rpmfind RPM search engine  http://rpmfind.net/


