[xslt] [PATCH 0/3] Fix NULL deref through valuePop retval

I found a segfault arising from either a lack of the fail-fast principle
(does it make sense to try further if the template is evidently
wrong, e.g., because of referencing undefined variables?) or because
of allowing for NULL pointer dereferences -- in my case those were
related to valuePop() return values.

Please excuse the rather spartan patches without thorough considerations;
they are not trying to go beyond an attempt to fix a restricted class
of the issues as stated.  That being said, some cases would probably
deserve a wiser merging of corner cases, so you can take it as
a starting point for further enhancements.  What I consider important
here is that I managed to put together a rather generic semantic patch
(as in spatch/coccinelle) that not only fixed the two subsequent
segfaults for me (patch 1+2), but also several other instances
of nearly the same (patch 3).

You can find this semantic patch in the commit message of patch 3.
Hope this helps.

Jan Pokorný (3):
  Fix NULL deref through valuePop retval: xsltGenerateIdFunction
  Fix NULL deref through valuePop retval: xsltKeyFunction
  Fix NULL deref through valuePop retval: {e,}xslt*

 libexslt/common.c   |  2 ++
 libexslt/saxon.c    |  2 ++
 libexslt/strings.c  |  2 ++
 libxslt/functions.c | 32 ++++++++++++++++++++++++++++++++
 4 files changed, 38 insertions(+)

