[xslt] Bug in "xsltProcessUserParamInternal"

From: "Babak Vahedipour-Kunze" <bugrep cm-ag de>
To: <xslt gnome org>
Subject: [xslt] Bug in "xsltProcessUserParamInternal"
Date: Sat, 27 Apr 2002 17:05:11 +0200

Hello Daniel,

I recently discovered a bug in libxslt 1.0.16 which can cause 
a process to crash in

    libxslt/variables.c
        xsltProcessUserParamInternal(ctxt, name, value, eval).

All the mess happens during "Name lookup" which, when failed 
(on lines 753 - 777), leaves behind two dead pointers namely
"ncname" and "prefix" that now point to xmlFree'd memory. 
However this does not prevent "ncname" from being xmlStrdup'd
on line 839 which then will certainly cause weird things.

almost forgot to mention: libxslt rulez...


Babak Vahedipour-Kunze

Follow-Ups:
- Re: [xslt] Bug in "xsltProcessUserParamInternal"
  - From: Daniel Veillard

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]