[xml] libxml2: crash when calling xmlDump with xmlAttr
- From: Chris Leishman <chris leishman org>
- To: xml gnome org
- Subject: [xml] libxml2: crash when calling xmlDump with xmlAttr
- Date: Sat, 8 Mar 2003 00:06:24 +0200
Hi all,
I found a problem in more recent versions where by libxml2 crashes (bus
error) when xmlNodeDump is called with a node of type xmlAttr.
It seems that the code in xmlNodeDumpOutputInternal doesn't handle
these nodes, and instead treats it as a generic xmlNode. It then
dereferences cur->properties (calling xmlAttrListDumpOutput with it).
However as a xmlAttr node is shorter than a generic xmlNode, the
'properties' value is off the end of the malloc'd space.
Older versions had code to handle this, and I've corrected the issue by
merging that in. The patch is as follows (against libxml2-2.5.4).
--- libxml2-2.5.4/tree.c
+++ libxml2-2.5.4/tree.c
@@ -6924,6 +6924,10 @@
xmlDumpElementDecl(buf->buffer, (xmlElementPtr) cur);
return;
}
+ if (cur->type == XML_ATTRIBUTE_NODE) {
+ xmlAttrDumpOutput(buf, doc, (xmlAttrPtr)cur, encoding);
+ return;
+ }
if (cur->type == XML_ATTRIBUTE_DECL) {
xmlDumpAttributeDecl(buf->buffer, (xmlAttributePtr) cur);
return;
I actually found this because the test 08findnodes.t for the LibXML
perl module triggers this situation.
Regards,
Chris
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
