Bug 735957 - Null check needed in file libexslt/functions.c in function exsltFuncRegisterImportFunc after line no 114
Status: RESOLVED FIXED
Product: libxslt
Classification: Platform
Component: general
Version: 1.1.x
Hardware: Other All
Importance: Normal major
Target Milestone: ---
Assigned To: Daniel Veillard
QA Contact: libxml QA maintainers
Duplicates: 760250
Depends on:
Blocks:
 
 
Reported: 2014-09-03 09:21 UTC by prabhat kanth
Modified: 2016-02-25 16:42 UTC
See Also:
GNOME target: ---
GNOME version: ---


Attachments
Recommended path for fix (581 bytes, application/octet-stream)
2014-09-03 09:24 UTC, prabhat kanth

Description prabhat kanth 2014-09-03 09:21:12 UTC
Version 1.1.28
File: libexslt/functions.c

Line no 114, exsltFuncNewFunctionData is returning NULL in case of failure scenario.

Part of version 1.1.28 code:
    if (func == NULL) {         /* Not yet present - copy it in */
        func = exsltFuncNewFunctionData();
        memcpy(func, data, sizeof(exsltFuncFunctionData));

Memcpy may crash in case of func=NULL.

So there shall be a NULL check for func.

Recommended code part:
    if (func == NULL) {         /* Not yet present - copy it in */
        func = exsltFuncNewFunctionData();
        if (func == NULL)
            return;
        memcpy(func, data, sizeof(exsltFuncFunctionData));

I have attached a patch for the fix for the failure scenario.
Comment 1 prabhat kanth 2014-09-03 09:24:57 UTC
Created attachment 285238
Recommended path for fix
Comment 2 Nick Wellnhofer 2014-09-28 12:43:22 UTC
Fixed with the following commit:

https://git.gnome.org/browse/libxslt/commit/?id=fd675976f71264e1fbd84e048b9bb77386d95121
Comment 3 Nick Wellnhofer 2016-02-25 16:42:39 UTC
*** Bug 760250 has been marked as a duplicate of this bug. ***
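
Added example, not part of the original report and not libxslt code: a small stand-alone model of the pattern discussed above (constructor that can return NULL, followed by memcpy), with a fault-injection switch so the allocation-failure path can actually be exercised. All names (func_data, import_ctx, register_import, fail_next_alloc) are hypothetical, and recording the failure in has_error instead of returning silently is an assumption of this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for exsltFuncFunctionData. */
typedef struct { int nargs; const char *name; } func_data;

static int fail_next_alloc = 0;   /* fault-injection switch (test aid) */

/* Same contract as described in the report: returns NULL on failure. */
static func_data *new_func_data(void) {
    if (fail_next_alloc) { fail_next_alloc = 0; return NULL; }
    return calloc(1, sizeof(func_data));
}

/* Single-slot stand-in for the table the import function fills. */
typedef struct { func_data *slot; int has_error; } import_ctx;

/* Returns 0 on success, -1 if the copy could not be made. */
static int register_import(import_ctx *ctx, const func_data *data) {
    func_data *func;
    if (ctx == NULL || data == NULL) return -1;
    func = ctx->slot;
    if (func == NULL) {              /* Not yet present - copy it in */
        func = new_func_data();
        if (func == NULL) {          /* the check the report asks for */
            ctx->has_error = 1;      /* make the failure visible to the caller */
            return -1;
        }
        memcpy(func, data, sizeof(*func));
        ctx->slot = func;
    }
    return 0;
}

/* Drives both paths: forced allocation failure, then a normal call. */
static int demo(void) {
    import_ctx ctx = { NULL, 0 };
    func_data src = { 2, "constructed-sample" };   /* constructed input */
    int ok;
    fail_next_alloc = 1;
    ok = register_import(&ctx, &src) == -1 && ctx.slot == NULL && ctx.has_error;
    ok = ok && register_import(&ctx, &src) == 0 && ctx.slot->nargs == 2;
    free(ctx.slot);
    return ok;
}

int main(void) {
    printf("both paths handled: %s\n", demo() ? "yes" : "no");
    return 0;
}
```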