Bug 161549 - Node::find crashes on invalid XPath query
Status: RESOLVED FIXED
Product: libxml++
Classification: Bindings
Component: General
Version: 1.0.x
Hardware: Other All
Importance: Normal normal
Target Milestone: ---
Assigned To: Christophe de Vienne
Christophe de Vienne
Reported: 2004-12-17 14:40 UTC by Caleb Epstein
Modified: 2004-12-22 21:47 UTC
Description Caleb Epstein 2004-12-17 14:40:49 UTC
If the user calls Node::find with an invalid XPath query (e.g. "//"), the
library will try to dereference a NULL pointer and cause a SIGSEGV.  The
offending code is here:

NodeSet Node::find(const std::string& xpath) const
{
  xmlXPathContext* ctxt = xmlXPathNewContext(impl_->doc);
  ctxt->node = impl_;
  xmlXPathObject* result = xmlXPathEval((const xmlChar*)xpath.c_str(), ctxt);

  if (result->type != XPATH_NODESET)  /* BOOM! */
  {
    xmlXPathFreeObject(result);
    xmlXPathFreeContext(ctxt);
    throw internal_error("sorry, only nodeset result types supported for now.");


The result of xmlXPathEval should be checked before being dereferenced.  I would
recommend an exception be thrown when it is 0.
Comment 1 Murray Cumming 2004-12-18 22:55:29 UTC
Thanks. Done in cvs. Please check that it works for you. Please try to create an
actual cvs patch in future.
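
An added example (not libxml++'s own fix, which this page does not show) of the check the report asks for: test the evaluator's result before dereferencing it, throw on null, and let RAII free the context and result on every exit path. The Fake* types and fake_* functions are constructed stand-ins for the libxml2 calls in the reported snippet so the code builds without the library; find_checked and classify are hypothetical names.

```cpp
#include <memory>
#include <stdexcept>
#include <string>
#include <vector>

// Constructed stand-ins for the libxml2 C API (xmlXPathContext, xmlXPathObject,
// xmlXPathNewContext, xmlXPathEval, xmlXPathFreeObject, xmlXPathFreeContext).
enum FakeType { FAKE_NODESET, FAKE_STRING };
struct FakeCtx { int dummy; };
struct FakeObj { FakeType type; std::vector<int> nodes; };
static int live_allocs = 0;  // unfreed stand-in objects, to show nothing leaks

FakeCtx* fake_new_context() { ++live_allocs; return new FakeCtx{0}; }
void fake_free_context(FakeCtx* c) { --live_allocs; delete c; }
void fake_free_object(FakeObj* o) { --live_allocs; delete o; }
// Like xmlXPathEval, yields a null pointer when the expression is invalid.
FakeObj* fake_eval(const std::string& xpath, FakeCtx*) {
  if (xpath.empty() || xpath == "//") return nullptr;
  ++live_allocs;
  if (xpath == "string(.)") return new FakeObj{FAKE_STRING, {}};
  return new FakeObj{FAKE_NODESET, {1, 2}};
}

struct CtxDel { void operator()(FakeCtx* c) const { fake_free_context(c); } };
struct ObjDel { void operator()(FakeObj* o) const { fake_free_object(o); } };

// Hardened shape of find(): each pointer is checked before use, and the
// unique_ptr deleters release result and context even when a throw unwinds.
std::vector<int> find_checked(const std::string& xpath) {
  std::unique_ptr<FakeCtx, CtxDel> ctxt(fake_new_context());
  if (!ctxt) throw std::runtime_error("could not create XPath context");
  std::unique_ptr<FakeObj, ObjDel> result(fake_eval(xpath, ctxt.get()));
  if (!result) throw std::invalid_argument("invalid XPath: " + xpath);
  if (result->type != FAKE_NODESET)
    throw std::runtime_error("only nodeset result types are supported");
  return result->nodes;
}

// 0 = nodeset returned, 1 = invalid XPath rejected, 2 = other error.
int classify(const std::string& xpath) {
  try { find_checked(xpath); return 0; }
  catch (const std::invalid_argument&) { return 1; }
  catch (const std::exception&) { return 2; }
}

int main() { return classify("//") == 1 ? 0 : 1; }
```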