Re: [xml] [PATCH] Memory leak in xmlXPathEvalExpression()

On Sun, Oct 11, 2009 at 04:30:12PM +0100, Martin (gzlist) wrote:
A patch and some tests for this issue are attached.

On 10/10/2009, Ralf Junker <ralfjunker gmx de> wrote:
The following psydo-code (is actually Pascal code; I do not have a C memory
checker available) produces a 5-12 byte memory leak (unable to tell the
exact number of bytes):

Okay, I got a few of these a while back but missed this one.

  XPathObj := xmlXPathEvalExpression('//a[ href=]',

This is the only line in your example that matters, it's comes from
trying to parse certain kinds of invalid xpath expressions. In case
it's not clear, the URL needs string quoting in order for the
expression to work as intended.

The basic problem is that xmlXPathCompStep and other functions used
for parsing location paths don't return a success indicator, and not
every call checks to see if there was an error afterwards, so the
parser tries to plow on for a bit before realising there was a

  Yeah, it was a long time ago :)

Thanks for the patch applied, I just had to fix the expected error mesages
set in the python test

Really the xpath parsing could do with some fuzz testing to see if
there are any more of these lurking around.

  Well yes that would be a good idea,


Daniel Veillard      | libxml Gnome XML XSLT toolkit
daniel veillard com  | Rpmfind RPM search engine | virtualization library

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]