GNOME Bugzilla – Bug 336394
Found a write to NULL in transform.c in a low memory condition
Last modified: 2006-03-29 10:17:46 UTC
Please describe the problem:
Was running xsltproc to test some transforms being done on another product and got a SEGFAULT... Tracked it back to a failed allocation from xmlNewTextLen in xsltCopyTextString...

Steps to reproduce:
1. modify libxml2 to randomly return NULL on xmlMalloc to mimic low memory conditions...
2. start tracking down the SEGFAULTS

Actual results:
Expected results:
Does this happen every time?
Other information:
Index: transform.c =============================================================== ==== RCS file: /cvs/gnome/libxslt/libxslt/transform.c,v retrieving revision 1.284 diff -u -p -r1.284 transform.c --- transform.c 10 Mar 2006 11:51:20 -0000 1.284 +++ transform.c 28 Mar 2006 19:54:49 -0000 @@ -638,7 +638,8 @@ xsltCopyTextString(xsltTransformContextP return(xsltAddTextString(ctxt, target->last, string, len)); } copy = xmlNewTextLen(string, len); - copy->name = xmlStringTextNoenc; + if (copy) + copy->name = xmlStringTextNoenc; } else { if ((target != NULL) && (target->last != NULL) && (target->last->type == XML_TEXT_NODE) &&
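Review bot: The new `if (copy)` after `copy = xmlNewTextLen(string, len);` guards only the `copy->name` assignment, and the visible context does not show what the rest of xsltCopyTextString does with `copy` once the if/else ends. Please confirm that every later use of `copy` in this function is also behind a NULL check, and consider reporting the allocation failure to the caller so the text node is not dropped silently. As a style point, `if (copy != NULL)` would match the explicit comparisons in the context lines (`target != NULL`, `target->last != NULL`).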
Right, good find, the other allocations are checked but it seems I missed that one :-) Applied and committed in CVS, thanks!
Daniel
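The reproduction technique from the report (an allocator that returns NULL on demand) can be made deterministic by failing each allocation site in turn. The following is an added example, not code from the bug report or from libxslt; `fi_malloc`, `text_node`, `new_text_len`, `copy_text_noenc` and `sweep` are hypothetical names, and the node type is a stand-in for libxml2's. Removing the NULL check in `copy_text_noenc` makes the sweep crash on the first injected failure, which is the defect class reported here.

```c
#include <stdlib.h>
#include <string.h>

/* Fault injection: the fi_fail_at-th allocation (1-based) fails; 0 disables. */
static unsigned long fi_calls, fi_fail_at;
static void *fi_malloc(size_t n) {
    return (++fi_calls == fi_fail_at) ? NULL : malloc(n);
}

/* Hypothetical stand-in for a text node, not libxml2's xmlNode. */
typedef struct { const char *name; char *content; } text_node;

/* Constructor with two allocation sites: the node, then its content. */
static text_node *new_text_len(const char *s, size_t len) {
    text_node *n = fi_malloc(sizeof(*n));
    if (n == NULL) return NULL;
    n->content = fi_malloc(len + 1);
    if (n->content == NULL) { free(n); return NULL; }
    memcpy(n->content, s, len);
    n->content[len] = '\0';
    n->name = "text";
    return n;
}

/* Caller shaped like the patched code: check before writing through copy. */
static text_node *copy_text_noenc(const char *s, size_t len) {
    text_node *copy = new_text_len(s, len);
    if (copy != NULL)
        copy->name = "textnoenc";
    return copy;
}

/* Fail each allocation site in turn. Returns the number of injected failures
 * that were reported as NULL, or -1 if one was reported as success. */
static int sweep(void) {
    int handled = 0;
    for (fi_fail_at = 1; ; fi_fail_at++) {
        fi_calls = 0;
        text_node *n = copy_text_noenc("abc", 3);
        if (fi_calls < fi_fail_at) {      /* no site left to fail: done */
            if (n != NULL) { free(n->content); free(n); }
            fi_fail_at = 0;
            return handled;
        }
        if (n != NULL) return -1;
        handled++;
    }
}

int main(void) { return sweep() == 2 ? 0 : 1; }
```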