Re: [xml] Patch for Double Free in xmlNewEntityInputStream(parserInternals.c)
- From: Daniel Veillard <veillard redhat com>
- To: Ashwin <ashwins huawei com>
- Cc: xml gnome org, ranjit huawei com
- Subject: Re: [xml] Patch for Double Free in xmlNewEntityInputStream(parserInternals.c)
- Date: Mon, 28 Apr 2008 14:07:48 -0400
On Sat, Apr 26, 2008 at 03:29:47PM +0800, Ashwin wrote:
Hi,
I am attaching a patch which takes care of a double free problem which
happens due to the following statement in function xmlNewEntityInputStream:-
input->filename = (char *) entity->URI;
This leads to a double free because when the input stream is popped
input->filename is freed, and when the dtd is freed, in xmlFreeEntity,
entity->URI is freed which is the same as input->filename leading to a
double free. I believe doing a xmlStrdup will take care of the problem, and
that is what I have done in the patch.
It's surprizing because that call is used quite frequently, e.g. in
the regression tests, but the entity URI is always NULL which is why this
was never raised during any of the existing tests...
I applied and commited a version based on your patch,
thanks a lot !
Daniel
--
Red Hat Virtualization group http://redhat.com/virtualization/
Daniel Veillard | virtualization library http://libvirt.org/
veillard redhat com | libxml GNOME XML XSLT toolkit http://xmlsoft.org/
http://veillard.com/ | Rpmfind RPM search engine http://rpmfind.net/
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
