Re: [xml] Patch for Double Free in xmlNewEntityInputStream(parserInternals.c)

On Sat, Apr 26, 2008 at 03:29:47PM +0800, Ashwin wrote:


I am attaching a patch which takes care of a double free problem which
happens due to the following statement in function xmlNewEntityInputStream:-


input->filename = (char *) entity->URI;


This leads to a double free because when the input stream is popped
input->filename is freed, and when the dtd is freed, in xmlFreeEntity,
entity->URI is freed which is the same as input->filename leading to a
double free. I believe doing a xmlStrdup will take care of the problem, and
that is what I have done in the patch.

  It's surprizing because that call is used quite frequently, e.g. in
the regression tests, but the entity URI is always NULL which is why this
was never raised during any of the existing tests...
  I applied and commited a version based on your patch,

   thanks a lot !


Red Hat Virtualization group
Daniel Veillard      | virtualization library
veillard redhat com  | libxml GNOME XML XSLT toolkit | Rpmfind RPM search engine

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]