[xml] Regarding Malloc Failure Handling



Hi,

Recently we performed failure testing on libxml, that is, we simulated malloc failures to see how libxml behaved in that scenario. As a result of the testing we found a number of memory leaks and some crashes. Something like the following in function xmlNewBlanksWrapperInputStream:

 

Snippet of the code:

    input = xmlNewInputStream(ctxt);
    if (input == NULL) {
        return(NULL);
    }
    length = xmlStrlen(entity->name) + 5;
    buffer = xmlMallocAtomic(length);
    if (buffer == NULL) {
        xmlErrMemory(ctxt, NULL);
        return(NULL);
    }

Here I believe if the malloc fails for buffer, there will be a memleak for input...

Or another example in function xmlParseEntityDecl:

    if ((ctxt->myDoc == NULL) ||
        (xmlStrEqual(ctxt->myDoc->version, SAX_COMPAT_MODE))) {
        if (ctxt->myDoc == NULL) {
            ctxt->myDoc = xmlNewDoc(SAX_COMPAT_MODE);
        }
        if (ctxt->myDoc->intSubset == NULL)
            ctxt->myDoc->intSubset = xmlNewDtd(ctxt->myDoc,

 

If malloc fails inside xmlNewDoc, there will be a crash on the subsequent line.

There are other similar problems, so I was wondering if there is an assumption that malloc failure will not occur since it is a rare occurrence. Or does corrective action need to be taken wherever it occurs in the failure path?

 

Thanks in advance!!

 

Regards

Ashwin
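
Added example, not part of the original post and not libxml code: a minimal harness for the kind of malloc-failure testing described above, which fails each allocation in turn and counts the blocks left unreleased. The names fi_malloc, fi_free, stream, build and leaks_under_injection are hypothetical, and build() only mirrors the two-allocation shape of the first snippet.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example. Fault-injecting allocator (hypothetical names): the
 * fail_at-th call returns NULL; 'live' counts blocks not yet freed. */
static int fail_at, calls, live;
static void *fi_malloc(size_t n) {
    if (++calls == fail_at) return NULL;
    void *p = malloc(n);
    if (p != NULL) live++;
    return p;
}
static void fi_free(void *p) { if (p != NULL) { live--; free(p); } }

typedef struct { char *buf; } stream;   /* stand-in for an input stream */

/* build(): two allocations in sequence, as in the quoted snippet.
 * With release_on_error == 0 the second failure path just returns. */
static stream *build(const char *name, int release_on_error) {
    stream *in = fi_malloc(sizeof(*in));
    if (in == NULL) return NULL;
    in->buf = fi_malloc(strlen(name) + 5);
    if (in->buf == NULL) {
        if (release_on_error) fi_free(in);   /* the missing cleanup */
        return NULL;
    }
    strcpy(in->buf, name);
    return in;
}

/* Fail each allocation in turn; return the blocks left behind in total. */
static int leaks_under_injection(int release_on_error) {
    int leaked = 0;
    for (int n = 1; ; n++) {
        fail_at = n; calls = 0; live = 0;
        stream *s = build("amp", release_on_error);
        if (s != NULL) { fi_free(s->buf); fi_free(s); }
        leaked += live;
        if (calls < n) break;   /* no allocation left to fail */
    }
    fail_at = 0;
    return leaked;
}

int main(void) {
    printf("leaky: %d block(s), fixed: %d block(s)\n",
           leaks_under_injection(0), leaks_under_injection(1));
    return 0;
}
```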

 

 

 


