The XPath parsing code, as exposed through xmlXPathCtxtCompile etc., has a couple of issues related to QName validity.

Firstly, xmlXPathParseQName accepts ":name" as a synonym for "name" rather than treating it as an error. Secondly, xmlXPathCompFunctionCall has two early-return-on-error points that can leak copied strings.

I believe these can be safely fixed (attached, fix_qname_and_leak.patch) though there might be code somewhere that erroneously uses a leading colon and would need changing to function properly.

In the process of investigating and writing this patch, also fixed the build when DEBUG_STEP is defined, and used an evil pointer cast to silence an unrelated warning in schematron (attached, compiling_xpath_debug.patch), hacked in memory debug *Loc versions of the four str(n)cpy functions in xmlstring (useful but not attached, was hacky and changed public interfaces), and wrote various bits of test code, the neatest of which works as a unit test (attached, test_qname_and_leak.patch) - that's in Python just as it was easy, not because it's Python specific.

Martin
Attachments:
fix_qname_and_leak.patch
compiling_xpath_debug.patch
test_qname_and_leak.patch
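
The two issues described in the message above, shown as an added stand-alone example. This is not libxml2 code and not taken from the attached patches; parse_qname, is_ncname and copy_n are hypothetical names, and the NCName check is a simplified ASCII-only assumption. It rejects an empty prefix such as ":name" and frees any string already copied before returning early on error.

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

/* Simplified NCName check (ASCII only, an assumption for this example):
 * letter or '_' first, then letters, digits, '_', '-', '.'. */
static int is_ncname(const char *s, size_t n) {
    if (n == 0 || !(isalpha((unsigned char)s[0]) || s[0] == '_'))
        return 0;
    for (size_t i = 1; i < n; i++) {
        unsigned char c = (unsigned char)s[i];
        if (!(isalnum(c) || c == '_' || c == '-' || c == '.'))
            return 0;
    }
    return 1;
}

/* Heap copy of the first n bytes of s, NUL-terminated. */
static char *copy_n(const char *s, size_t n) {
    char *p = malloc(n + 1);
    if (p != NULL) { memcpy(p, s, n); p[n] = '\0'; }
    return p;
}

/* Hypothetical helper: split "prefix:local" or "local" into heap copies.
 * Returns 0 on success, -1 on error. On error both outputs are NULL and
 * nothing allocated here is left behind. */
int parse_qname(const char *q, char **prefix, char **local) {
    const char *colon = strchr(q, ':');
    const char *lstart = colon ? colon + 1 : q;
    size_t llen = strlen(lstart);
    char *p = NULL, *l = NULL;

    *prefix = *local = NULL;
    if (colon != NULL) {
        /* ":name" has an empty prefix: an error, not a synonym for "name". */
        if (!is_ncname(q, (size_t)(colon - q)))
            return -1;
        if ((p = copy_n(q, (size_t)(colon - q))) == NULL)
            return -1;
    }
    /* Early return after the prefix was copied: free it first. */
    if (!is_ncname(lstart, llen) || (l = copy_n(lstart, llen)) == NULL) {
        free(p);
        return -1;
    }
    *prefix = p;
    *local = l;
    return 0;
}
```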