Re: [xml] Patch for Double Free in xmlNewEntityInputStream(parserInternals.c)

From: Ashwin <ashwins huawei com>
To: veillard redhat com
Cc: xml gnome org, ranjit huawei com
Subject: Re: [xml] Patch for Double Free in xmlNewEntityInputStream(parserInternals.c)
Date: Tue, 29 Apr 2008 09:53:39 +0800

 It's surprizing because that call is used quite frequently, e.g. in
the regression tests, but the entity URI is always NULL which is why this
was never raised during any of the existing tests...
 I applied and commited a version based on your patch,


Hi,
   Yes, it will be not NULL in a very weird case, somewhat similar to the
one for which there was a fix recently (SVN 3713). Suppose you have an xml
document with an external subset, In the external subset a parameter
entity(say E1) is defined whose replacement text is external using SYSTEM,
Then in the external subset you have another PE (E2) whose replacement text
is E1, in this case entity->URI will not be NULL and would lead to a double
free...

An extremely weird scenario!!! I don't think anyone would be twisted enough
to use PE's that way....

Regards
Ashwin

Follow-Ups:
- Re: [xml] Patch for Double Free in xmlNewEntityInputStream(parserInternals.c)
  - From: Daniel Veillard

References:
- Re: [xml] Patch for Double Free in xmlNewEntityInputStream(parserInternals.c)
  - From: Daniel Veillard

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]