[libxml++] [Fwd: [Bug 161549] New: Node::find crashes on invalid XPath query]



Hi,

I'm out of the office for the next month, so I can't work on this bug for now; I can only access my mail from time to time.
If anybody can work on it, feel free.

Regards

Christophe
--- Begin Message ---
http://bugzilla.gnome.org/show_bug.cgi?id=161549
libxml++ | General | Ver: 1.0.x

           Summary: Node::find crashes on invalid XPath query
           Product: libxml++
           Version: 1.0.x
          Platform: Other
        OS/Version: All
            Status: UNCONFIRMED
          Severity: normal
          Priority: Normal
         Component: General
        AssignedTo: cdevienne netcourrier com
        ReportedBy: gnome-bklyn sneakemail com


If the user calls Node::find with an invalid XPath query (e.g. "//"), the
library will try to dereference a NULL pointer and cause a SIGSEGV.  The
offending code is here:

NodeSet Node::find(const std::string& xpath) const
{
  xmlXPathContext* ctxt = xmlXPathNewContext(impl_->doc);
  ctxt->node = impl_;
  xmlXPathObject* result = xmlXPathEval((const xmlChar*)xpath.c_str(), ctxt);

  if (result->type != XPATH_NODESET)  /* BOOM! */
  {
    xmlXPathFreeObject(result);
    xmlXPathFreeContext(ctxt);
    throw internal_error("sorry, only nodeset result types supported for now.");


The result of xmlXPathEval should be checked before being dereferenced.  I would
recommend an exception be thrown when it is 0.

------- You are receiving this mail because: -------
You are the assignee for the bug.


--- End Message ---
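
An added example, not part of the original message and not libxml++ code: the shape of the fix the report recommends, with the evaluation result checked before it is dereferenced and both objects released on every exit path. `XPathContext`, `XPathObject`, `new_context`, `eval`, `free_context`, `free_object` and `find_count` are constructed stand-ins for the libxml2 types and calls, so the block compiles without libxml2.

```cpp
#include <memory>
#include <stdexcept>
#include <string>

// Constructed stand-ins (assumptions) for the libxml2 pieces Node::find uses.
// In real code these are xmlXPathContext, xmlXPathObject, xmlXPathNewContext,
// xmlXPathEval, xmlXPathFreeContext and xmlXPathFreeObject.
enum ObjType { NODESET, STRING };
struct XPathObject { ObjType type; int node_count; };
struct XPathContext { int node; };
static int live_allocs = 0;  // counts unreleased stand-in objects

XPathContext* new_context() { ++live_allocs; return new XPathContext{0}; }
void free_context(XPathContext* c) { if (c) { --live_allocs; delete c; } }
void free_object(XPathObject* o) { if (o) { --live_allocs; delete o; } }

// Like xmlXPathEval, returns a null pointer when the expression is invalid.
XPathObject* eval(const std::string& xpath, XPathContext*) {
  if (xpath.empty() || xpath == "//") return nullptr;
  ++live_allocs;
  if (xpath.rfind("string(", 0) == 0) return new XPathObject{STRING, 0};
  return new XPathObject{NODESET, 1};
}

struct CtxDeleter { void operator()(XPathContext* c) const { free_context(c); } };
struct ObjDeleter { void operator()(XPathObject* o) const { free_object(o); } };

// Hardened shape of Node::find: each pointer is checked before use, and the
// smart pointers free the context and the result whether we return or throw.
int find_count(const std::string& xpath) {
  std::unique_ptr<XPathContext, CtxDeleter> ctxt(new_context());
  if (!ctxt) throw std::runtime_error("could not create XPath context");

  std::unique_ptr<XPathObject, ObjDeleter> result(eval(xpath, ctxt.get()));
  if (!result)  // the check missing from the code in the report
    throw std::invalid_argument("invalid XPath expression: " + xpath);

  if (result->type != NODESET)
    throw std::runtime_error("only nodeset result types supported");
  return result->node_count;
}
```
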

