[libxml2] xpointer : fixing Null Pointers
- From: Daniel Veillard <veillard src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [libxml2] xpointer : fixing Null Pointers
- Date: Tue, 7 Oct 2014 09:11:03 +0000 (UTC)
commit f5496a1ef43ab46211c772cd7a183e719ab24bb5
Author: Gaurav Gupta <g gupta samsung com>
Date: Tue Oct 7 17:09:35 2014 +0800
xpointer : fixing Null Pointers
For https://bugzilla.gnome.org/show_bug.cgi?id=738053
At many places in xpointer.c
Null check is missing which is dereferenced at later places.
xpointer.c | 28 ++++++++++++++++++++++++++++
1 files changed, 28 insertions(+), 0 deletions(-)
---
diff --git a/xpointer.c b/xpointer.c
index 6c8516f..4b4ac2e 100644
--- a/xpointer.c
+++ b/xpointer.c
@@ -1375,6 +1375,8 @@ xmlXPtrEval(const xmlChar *str, xmlXPathContextPtr ctx) {
return(NULL);
ctxt = xmlXPathNewParserContext(str, ctx);
+ if (ctxt == NULL)
+ return(NULL);
ctxt->xptr = 1;
xmlXPtrEvalXPointer(ctxt);
@@ -1807,6 +1809,8 @@ xmlXPtrStartPointFunction(xmlXPathParserContextPtr ctxt, int nargs) {
*/
tmp = xmlXPtrNewLocationSetNodeSet(obj->nodesetval);
xmlXPathFreeObject(obj);
+ if (tmp == NULL)
+ XP_ERROR(XPATH_MEMORY_ERROR)
obj = tmp;
}
@@ -1901,10 +1905,16 @@ xmlXPtrEndPointFunction(xmlXPathParserContextPtr ctxt, int nargs) {
*/
tmp = xmlXPtrNewLocationSetNodeSet(obj->nodesetval);
xmlXPathFreeObject(obj);
+ if (tmp == NULL)
+ XP_ERROR(XPATH_MEMORY_ERROR)
obj = tmp;
}
newset = xmlXPtrLocationSetCreate(NULL);
+ if (newset == NULL) {
+ xmlXPathFreeObject(obj);
+ XP_ERROR(XPATH_MEMORY_ERROR);
+ }
oldset = (xmlLocationSetPtr) obj->user;
if (oldset != NULL) {
int i;
@@ -2049,6 +2059,8 @@ xmlXPtrRangeFunction(xmlXPathParserContextPtr ctxt, int nargs) {
*/
tmp = xmlXPtrNewLocationSetNodeSet(set->nodesetval);
xmlXPathFreeObject(set);
+ if (tmp == NULL)
+ XP_ERROR(XPATH_MEMORY_ERROR)
set = tmp;
}
oldset = (xmlLocationSetPtr) set->user;
@@ -2057,6 +2069,10 @@ xmlXPtrRangeFunction(xmlXPathParserContextPtr ctxt, int nargs) {
* The loop is to compute the covering range for each item and add it
*/
newset = xmlXPtrLocationSetCreate(NULL);
+ if (newset == NULL) {
+ xmlXPathFreeObject(set);
+ XP_ERROR(XPATH_MEMORY_ERROR);
+ }
for (i = 0;i < oldset->locNr;i++) {
xmlXPtrLocationSetAdd(newset,
xmlXPtrCoveringRange(ctxt, oldset->locTab[i]));
@@ -2195,6 +2211,8 @@ xmlXPtrRangeInsideFunction(xmlXPathParserContextPtr ctxt, int nargs) {
*/
tmp = xmlXPtrNewLocationSetNodeSet(set->nodesetval);
xmlXPathFreeObject(set);
+ if (tmp == NULL)
+ XP_ERROR(XPATH_MEMORY_ERROR)
set = tmp;
}
oldset = (xmlLocationSetPtr) set->user;
@@ -2203,6 +2221,10 @@ xmlXPtrRangeInsideFunction(xmlXPathParserContextPtr ctxt, int nargs) {
* The loop is to compute the covering range for each item and add it
*/
newset = xmlXPtrLocationSetCreate(NULL);
+ if (newset == NULL) {
+ xmlXPathFreeObject(set);
+ XP_ERROR(XPATH_MEMORY_ERROR);
+ }
for (i = 0;i < oldset->locNr;i++) {
xmlXPtrLocationSetAdd(newset,
xmlXPtrInsideRange(ctxt, oldset->locTab[i]));
@@ -2796,6 +2818,10 @@ xmlXPtrStringRangeFunction(xmlXPathParserContextPtr ctxt, int nargs) {
set = valuePop(ctxt);
newset = xmlXPtrLocationSetCreate(NULL);
+ if (newset == NULL) {
+ xmlXPathFreeObject(set);
+ XP_ERROR(XPATH_MEMORY_ERROR);
+ }
if (set->nodesetval == NULL) {
goto error;
}
@@ -2807,6 +2833,8 @@ xmlXPtrStringRangeFunction(xmlXPathParserContextPtr ctxt, int nargs) {
*/
tmp = xmlXPtrNewLocationSetNodeSet(set->nodesetval);
xmlXPathFreeObject(set);
+ if (tmp == NULL)
+ XP_ERROR(XPATH_MEMORY_ERROR)
set = tmp;
}
oldset = (xmlLocationSetPtr) set->user;
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
