GNOME Bugzilla – Bug 707027
Pointer dereferenced before null check
Last modified: 2014-10-06 14:31:15 UTC
Created attachment 253472: Fixing Pointer Dereference before NULL check.

In file https://git.gnome.org/browse/libxml2/tree/xmlreader.c

1. In functions xmlTextReaderFreeProp, xmlTextReaderFreeNodeList and xmlTextReaderFreeNode, the statement

    dict = reader->ctxt->dict;

dereferences reader and reader->ctxt, while these are checked against NULL later in the same functions:

    if (((cur->type == XML_ELEMENT_NODE) || (cur->type == XML_TEXT_NODE)) &&
        (reader != NULL) && (reader->ctxt != NULL) &&
        (reader->ctxt->freeElemsNr < 100)) {

So, if reader or reader->ctxt is NULL at the start of the function, it may lead to a crash.

2. In function xmlTextReaderFreePropList the condition "if (cur == NULL) return;" is redundant.

The attached patch fixes the above bugs.
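The ordering problem described in the report, as an added illustration that is not part of the bug thread or of libxml2: the types, the two function shapes and the scenario helpers are constructed stand-ins, and the guarded version is an assumed shape of a fix, not the committed one.

```c
#include <stdio.h>

/* Constructed stand-ins for the libxml2 types named in the report (not libxml2's own). */
enum { XML_ELEMENT_NODE = 1, XML_TEXT_NODE = 3, FREED_DIRECTLY = 0, CACHED_IN_READER = 1 };
typedef struct { int unused; } Dict;
typedef struct { Dict *dict; int freeElemsNr; } ParserCtxt;
typedef struct { ParserCtxt *ctxt; } TextReader;
typedef struct { int type; } Node;

/* Buggy ordering from the report: reader and reader->ctxt are dereferenced on the
 * first line, so the NULL checks inside the condition below come too late. */
static int free_node_buggy(TextReader *reader, Node *cur) {
    Dict *dict = reader->ctxt->dict;              /* faults when either pointer is NULL */
    if (((cur->type == XML_ELEMENT_NODE) || (cur->type == XML_TEXT_NODE)) &&
        (reader != NULL) && (reader->ctxt != NULL) && (reader->ctxt->freeElemsNr < 100)) {
        reader->ctxt->freeElemsNr++;              /* node goes to the reader's free list */
        return CACHED_IN_READER;
    }
    (void)dict;                                   /* real code would free content via dict */
    return FREED_DIRECTLY;
}

/* Guarded ordering (assumed shape of a fix): only read reader->ctxt->dict once both
 * pointers are known non-NULL; dict stays NULL otherwise so later uses can test it. */
static int free_node_fixed(TextReader *reader, Node *cur) {
    Dict *dict = NULL;
    if ((reader != NULL) && (reader->ctxt != NULL))
        dict = reader->ctxt->dict;
    if (((cur->type == XML_ELEMENT_NODE) || (cur->type == XML_TEXT_NODE)) &&
        (reader != NULL) && (reader->ctxt != NULL) && (reader->ctxt->freeElemsNr < 100)) {
        reader->ctxt->freeElemsNr++;
        return CACHED_IN_READER;
    }
    (void)dict;                                   /* may be NULL here; free paths must check */
    return FREED_DIRECTLY;
}

/* Scenarios: NULL reader (would crash the buggy version) and a live reader where both agree. */
static int scenario_null_reader(void) { Node n = { XML_TEXT_NODE }; return free_node_fixed(NULL, &n); }
static int scenario_live_reader(void) {
    Dict d = { 0 }; ParserCtxt c = { &d, 0 }; TextReader r = { &c }; Node n = { XML_ELEMENT_NODE };
    return free_node_fixed(&r, &n) == CACHED_IN_READER &&
           free_node_buggy(&r, &n) == CACHED_IN_READER && c.freeElemsNr == 2;
}
int main(void) {
    printf("NULL reader: %d, live reader: %d\n", scenario_null_reader(), scenario_live_reader());
    return 0;
}
```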
Right, but your patch was severely broken: gcc detected uninitialized variable usage as a result and, even if fixed, this led to a crash in the make check runtime. I rewrote the patch to fix this, https://git.gnome.org/browse/libxml2/commit/?id=292a9f293decfcd1de8870d93866bf450f3f555f thanks, Daniel
Is this the correct link to the fix?
Oops, no, it's :-) https://git.gnome.org/browse/libxml2/commit/?id=91309d3a1d45aa70aa223b1e3ef1b23ab1c0cf36 Daniel