Bug 366161 - xmlCtxtReset() crashes when ctxt->spaceTab happens to be NULL
Status: RESOLVED FIXED
Product: libxml2
Classification: Platform
Component: general
Version: 2.6.x
Hardware: Other
OS: All
Priority: Normal
Severity: critical
Target Milestone: ---
Assigned To: Daniel Veillard
QA Contact: libxml QA maintainers
Depends on:
Blocks:
Reported: 2006-10-28 08:41 UTC by Stefan Behnel
Modified: 2007-06-12 08:18 UTC
See Also:
GNOME target: ---
GNOME version: ---
Description Stefan Behnel 2006-10-28 08:41:39 UTC
Steps to reproduce:
I'd like to call xmlCtxtReset() - or rather xmlClearParserCtxt() - after running xmlCtxtRead*() to free memory resources and to close open input streams. However, in some cases, this crashes on line 12837 in file parser.c where it says:

    ctxt->spaceTab[0] = -1;

Apparently, this line assumes that spaceTab is never NULL, which does not appear to be a correct assumption, especially (but not only) in the case of errors.

I'd like to see this code section enclosed by a NULL test just like every other similar part of this function to make it more resilient.

Comment 1 Sidnei da Silva 2006-10-28 14:44:42 UTC
FWIW, both htmlCtxtReset and xmlFreeParserCtxt do the NULL check on ctxt->spaceTab. xmlCtxtReset doesn't.

It seems that the only place where ctxt->spaceTab could end up as NULL is in spacePush, if xmlRealloc fails. spacePush then would just return 0 and that doesn't seem to be checked anywhere.
Comment 2 Daniel Veillard 2007-06-12 08:18:30 UTC
Okay, trivial, fixed in SVN,

Daniel
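The failure path described in the report and in Comment 1, as an added example that is not libxml2's code: a constructed stand-in for the parser context's spaceTab stack, a spacePush-shaped push whose realloc failure leaves the table NULL, the unguarded reset line beside the NULL-tested form the other functions already had, and a driver that forces the failure (the struct, `maybe_realloc` hook and function names are assumptions for illustration).

```c
#include <stdlib.h>
/* Constructed stand-in for the xmlParserCtxt fields involved in the bug. */
typedef struct {
    int *spaceTab;   /* stack of xml:space states */
    int  spaceNr;    /* entries in use */
    int  spaceMax;   /* allocated capacity */
} ctxt_t;

static int g_fail_realloc = 0;   /* lets the driver force an allocation failure */
static void *maybe_realloc(void *p, size_t n) { return g_fail_realloc ? NULL : realloc(p, n); }

/* Same shape as the 2.6.x spacePush() Comment 1 points at: on realloc failure
 * the table pointer is overwritten with NULL and 0 is returned, unchecked. */
int space_push(ctxt_t *ctxt, int val) {
    if (ctxt->spaceNr >= ctxt->spaceMax) {
        ctxt->spaceMax *= 2;
        ctxt->spaceTab = maybe_realloc(ctxt->spaceTab,
                                       (size_t)ctxt->spaceMax * sizeof(int));
        if (ctxt->spaceTab == NULL)
            return 0;          /* context left with spaceTab == NULL */
    }
    ctxt->spaceTab[ctxt->spaceNr] = val;
    return ctxt->spaceNr++;
}

/* Before the fix: the line quoted in the report, executed unconditionally. */
void ctxt_reset_unchecked(ctxt_t *ctxt) {
    ctxt->spaceNr = 0;
    ctxt->spaceTab[0] = -1;   /* NULL dereference after a failed push */
}

/* After the fix: the NULL test htmlCtxtReset()/xmlFreeParserCtxt() already had. */
void ctxt_reset_checked(ctxt_t *ctxt) {
    ctxt->spaceNr = 0;
    if (ctxt->spaceTab != NULL)
        ctxt->spaceTab[0] = -1;
}

/* Driver: the table is full, so the push must grow it and the realloc fails;
 * returns 1 if the guarded reset then survives the NULL table. */
int reset_survives_failed_push(void) {
    int *old = malloc(sizeof(int));
    ctxt_t c = { old, 1, 1 };
    g_fail_realloc = 1;
    int r = space_push(&c, 1);
    g_fail_realloc = 0;
    ctxt_reset_checked(&c);
    free(old);   /* block orphaned by the overwritten pointer */
    return r == 0 && c.spaceTab == NULL && c.spaceNr == 0;
}
```

Calling `ctxt_reset_unchecked` on the same context instead would dereference NULL, which is the crash the report describes.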