Re: [xml] patch: problem with xmlParseBalancedChunkMemory containing entities
- From: Daniel Veillard <veillard redhat com>
- To: Rob Richards <rrichards cdatazone org>
- Cc: "xml gnome org" <xml gnome org>
- Subject: Re: [xml] patch: problem with xmlParseBalancedChunkMemory containing entities
- Date: Thu, 17 Feb 2011 13:15:16 +0800
On Wed, Feb 16, 2011 at 02:48:50PM -0500, Rob Richards wrote:
I hit an issue that causes a crash when using
xmlParseBalancedChunkMemory with data that contains an entity.
i.e. <test><data> </data></test>
The xmlDocPtr passed in to the function does contain the entity
declarations btw
When the entity is parsed a call to xmlParseBalancedChunkInternal is
made with the context created from xmlParseBalancedChunkMemory which
has a temporary myDoc property. The content is created as being
owned by the temporary doc.
The temporary doc from the top level xmlParseBalancedChunkMemory is
freed leaving the created list from when the entity was parsed with
an invalid pointer which ultimately causes a crash when the
structure is freed.
Attached patch just sets the owning doc for the list to the same one
that owns the parent entity if not so already.
No issues ever with dict as the dict from the original doc is passed
along in each of the new contexts.
Rob
diff --git "a/parser_HEAD.c" "b/parser.c"
index d1c7888..9ab8641 100644
--- "a/parser_HEAD.c"
+++ "b/parser.c"
@@ -6992,6 +6992,7 @@ xmlParseReference(xmlParserCtxtPtr ctxt) {
ent->owner = 1;
while (list != NULL) {
list->parent = (xmlNodePtr) ent;
+ xmlSetTreeDoc(list, ent->doc);
if (list->next == NULL)
ent->last = list;
list = list->next;
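Review bot: the added xmlSetTreeDoc(list, ent->doc) call inside the while loop has no comment saying why the nodes need a new owning document, and nothing in the visible lines checks ent->doc before it is used. A one-line comment that the list may have been built under a temporary document (the xmlParseBalancedChunkMemory case from the report) would keep the call from being removed later as redundant. It is also worth confirming that ent->doc is always set on this path, and adding a regression test that parses a balanced chunk containing an entity reference and then frees the result.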
Okay, understood, makes sense to me and that should be safe, ACK
thanks !
Daniel
--
Daniel Veillard | libxml Gnome XML XSLT toolkit http://xmlsoft.org/
daniel veillard com | Rpmfind RPM search engine http://rpmfind.net/
http://veillard.com/ | virtualization library http://libvirt.org/