Bug 733040 – Fix Null Pointer Dereference

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 733040 - Fix Null Pointer Dereference


Summary:	Fix Null Pointer Dereference


Status:	RESOLVED FIXED

Product:	libxml2
Classification:	Platform
Component:	general
Version:	git master
Hardware:	Other Linux

Importance:	Normal critical
Target Milestone:	---
Assigned To:	Daniel Veillard
QA Contact:	libxml QA maintainers

URL:
Whiteboard:

Depends on:
Blocks:

Reported:	2014-07-11 05:29 UTC by Gaurav
Modified:	2014-07-14 08:41 UTC

See Also:
GNOME target:	---
GNOME version:	---

Attachments
Fix Possible Null Pointer dereference. (391 bytes, patch) 2014-07-11 05:29 UTC, Gaurav	none	Details \| Review

Description Gaurav 2014-07-11 05:29:52 UTC

Created attachment 280463 [details] [review]
Fix Possible Null Pointer dereference.

In file parser.c :
 9316                 const xmlChar *URL = xmlDictLookup(ctxt->dict, attvalue, len);
 9317                 xmlURIPtr uri;
 9318
 9319                 if (*URL != 0) {


In above code, if URL is NUll then if condition is doing NUll check.
But *URL is de-referencing URL which may crash.

Please apply attached patch.

Comment 1 Daniel Veillard 2014-07-14 08:41:15 UTC

The error condition is right, xmlDictLookup() should never return
numm but may do so in case of allocation error. But the test need
to be maintained we are checking for an enpty string there
i.e. xmlns="" which is perfectly legal.

 I commited a fix c836ba66e57d4d9f90f1dc7a827625c99622408f in git,

  thanks for the report !

Daniel