Bug 738053 - Fixing Null Pointers.
Status: RESOLVED FIXED
Product: libxml2
Classification: Platform
Component: general
Version: git master
Hardware: Other Linux
Importance: Normal critical
Target Milestone: ---
Assigned To: Daniel Veillard
QA Contact: libxml QA maintainers
Reported: 2014-10-07 04:51 UTC by Gaurav
Modified: 2014-10-08 01:53 UTC
GNOME target: ---
GNOME version: ---


Attachments
Fixing Null Pointers. (3.15 KB, patch)
2014-10-07 04:51 UTC, Gaurav

Description Gaurav 2014-10-07 04:51:23 UTC
Created attachment 287904
Fixing Null Pointers.

In many places in xpointer.c, a NULL check is missing for pointers
that are dereferenced later.

Please apply the patch.

Also, the code below:
1817     newset = xmlXPtrLocationSetCreate(NULL);
1818     if (newset == NULL) {
1819         xmlXPathFreeObject(obj);
1820         XP_ERROR(XPATH_MEMORY_ERROR);
1821     }

is already there, so similar checks were added in other places.
Comment 1 Daniel Veillard 2014-10-07 09:12:18 UTC
  Okay, all looks right except a couple of places where there
was a space and tab mixup for indentation,

  applied and committed to git,

    thanks !

Daniel
Comment 2 Gaurav 2014-10-07 09:37:01 UTC
Thanks for applying the patch.
I have a question regarding the valuePop API. It is used everywhere without checking the return value against NULL.
For example, in xpointer.c:
1805     obj = valuePop(ctxt);
1806     if (obj->type == XPATH_NODESET) {

As we see below, this API can return NULL. Is a NULL check required?
If it is required, I can submit a patch.
But changes would be many.
Please let me know.

xmlXPathObjectPtr
valuePop(xmlXPathParserContextPtr ctxt)
{
    xmlXPathObjectPtr ret;

    if ((ctxt == NULL) || (ctxt->valueNr <= 0))
        return (NULL);

    if (ctxt->valueNr <= ctxt->valueFrame) {
        xmlXPatherror(ctxt, __FILE__, __LINE__, XPATH_STACK_ERROR);
        return (NULL);
    }

    ctxt->valueNr--;
    if (ctxt->valueNr > 0)
        ctxt->value = ctxt->valueTab[ctxt->valueNr - 1];
    else
        ctxt->value = NULL;
    ret = ctxt->valueTab[ctxt->valueNr];
    ctxt->valueTab[ctxt->valueNr] = NULL;
    return (ret);
}
Comment 3 Daniel Veillard 2014-10-08 01:53:30 UTC
Yes, it can return NULL, for example if there are no more objects on the stack.
I would focus more on xpath.c than xpointer.c as its use is far more common.

  thanks,

Daniel
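
The checked-caller pattern raised in comments 2 and 3, as an added example that is not part of the original thread and is not libxml2 code. It is a reduced model of the value stack in which the popped pointer is tested before `obj->type` is read; all `demo_*` and `DEMO_*` names and the simplified types are hypothetical stand-ins.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified stand-ins for illustration; these are not libxml2's types. */
enum { DEMO_NODESET = 1, DEMO_BOOLEAN = 2 };                       /* object types */
enum { DEMO_OK = 0, DEMO_STACK_ERROR = 1, DEMO_INVALID_TYPE = 2 }; /* error codes */

struct demo_obj { int type; };
struct demo_ctxt {
    struct demo_obj *valueTab[4]; /* value stack */
    int valueNr;                  /* number of objects on the stack */
    int valueFrame;               /* pops may not go below this depth */
    int error;
};

/* Returns NULL under the same two conditions as the valuePop() quoted in
 * comment 2; only the frame violation records an error. */
struct demo_obj *demo_value_pop(struct demo_ctxt *ctxt)
{
    if (ctxt == NULL || ctxt->valueNr <= 0)
        return NULL;
    if (ctxt->valueNr <= ctxt->valueFrame) {
        ctxt->error = DEMO_STACK_ERROR;
        return NULL;
    }
    struct demo_obj *ret = ctxt->valueTab[--ctxt->valueNr];
    ctxt->valueTab[ctxt->valueNr] = NULL;
    return ret;
}

/* Checked caller: test the popped pointer before reading obj->type. */
int demo_checked_caller(struct demo_ctxt *ctxt)
{
    struct demo_obj *obj = demo_value_pop(ctxt);
    if (obj == NULL) {
        if (ctxt != NULL)
            ctxt->error = DEMO_STACK_ERROR; /* empty stack set no error itself */
        return DEMO_STACK_ERROR;
    }
    return (obj->type == DEMO_NODESET) ? DEMO_OK : DEMO_INVALID_TYPE;
}

int main(void)
{
    struct demo_obj set = { DEMO_NODESET };            /* constructed sample */
    struct demo_ctxt empty = { {NULL}, 0, 0, DEMO_OK };
    struct demo_ctxt one = { {&set}, 1, 0, DEMO_OK };
    printf("empty=%d one=%d\n", demo_checked_caller(&empty), demo_checked_caller(&one));
    return 0;
}
```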