[xml] [PATCH] Memory leak in xmlXPathEvalExpression()

A patch and some tests for this issue are attached.

On 10/10/2009, Ralf Junker <ralfjunker gmx de> wrote:
The following psydo-code (is actually Pascal code; I do not have a C memory
checker available) produces a 5-12 byte memory leak (unable to tell the
exact number of bytes):

Okay, I got a few of these a while back but missed this one.

  XPathObj := xmlXPathEvalExpression('//a[ href=http://hello.com]',

This is the only line in your example that matters, it's comes from
trying to parse certain kinds of invalid xpath expressions. In case
it's not clear, the URL needs string quoting in order for the
expression to work as intended.

The basic problem is that xmlXPathCompStep and other functions used
for parsing location paths don't return a success indicator, and not
every call checks to see if there was an error afterwards, so the
parser tries to plow on for a bit before realising there was a

Really the xpath parsing could do with some fuzz testing to see if
there are any more of these lurking around.


Attachment: Avoid-leaking-strings.patch
Description: Binary data

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]