Bug 704527 - Dereferencing Null return value.
Status: RESOLVED FIXED
Product: libxml2
Classification: Platform
Component: general
Version: git master
Hardware: Other Linux
Importance: Normal critical
Assigned To: Daniel Veillard
QA Contact: libxml QA maintainers
Reported: 2013-07-19 08:07 UTC by Gaurav
Modified: 2013-07-22 06:30 UTC

Description Gaurav 2013-07-19 08:07:59 UTC
In file: https://git.gnome.org/browse/libxml2/tree/xmlschemastypes.c

Line no: 245

static xmlSchemaFacetPtr
xmlSchemaNewMinLengthFacet(int value)
{
    /* ------ Some Code ----- */
    ret->val = xmlSchemaNewValue(XML_SCHEMAS_NNINTEGER);
    ret->val->value.decimal.lo = value;
    return (ret);
}

Here, the function xmlSchemaNewValue can return NULL explicitly.
So, when ret->val is dereferenced in the next line, it may cause a crash.

So, it should be modified as below:

if (ret->val) ret->val->value.decimal.lo = value;
return(ret);

Comment 1 Daniel Veillard 2013-07-22 06:30:18 UTC
Yup, easy to fix:

https://git.gnome.org/browse/libxml2/commit/?id=717042d2ae21e36c5efda8d2e64fc88385095503

Thanks!

Daniel
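
The guarded write suggested in the report, next to a stricter constructor that fails as a whole, with the allocation failure injected so the NULL path actually runs. This is an added example, not libxml2 code and not the committed fix; value_t, facet_t, test_alloc and the other names are hypothetical stand-ins.

```c
#include <stdlib.h>

/* Hypothetical stand-ins for the libxml2 types named in the report. */
typedef struct { unsigned long lo; } value_t;
typedef struct { value_t *val; } facet_t;
static int fail_after = -1; /* fault injection: -1 = never fail */
static int live_allocs = 0; /* outstanding allocations (leak check) */
static void *test_alloc(size_t n) {
    if (fail_after == 0) return NULL; /* injected failure */
    if (fail_after > 0) fail_after--;
    void *p = calloc(1, n);
    if (p) live_allocs++;
    return p;
}
static void test_free(void *p) { if (p) { free(p); live_allocs--; } }
int outstanding_allocs(void) { return live_allocs; }
void free_facet(facet_t *f) { if (f) { test_free(f->val); test_free(f); } }

/* Shape suggested in the report: guard the write, still return the facet. */
facet_t *new_facet_guarded(int value) {
    facet_t *ret = test_alloc(sizeof(*ret));
    if (ret == NULL) return NULL;
    ret->val = test_alloc(sizeof(value_t)); /* stands in for xmlSchemaNewValue */
    if (ret->val) ret->val->lo = (unsigned long)value;
    return ret; /* ret->val may be NULL: every later user must check it */
}

/* Stricter variant: fail the whole construction, release the partial object. */
facet_t *new_facet_strict(int value) {
    facet_t *ret = test_alloc(sizeof(*ret));
    if (ret == NULL) return NULL;
    ret->val = test_alloc(sizeof(value_t));
    if (ret->val == NULL) { test_free(ret); return NULL; }
    ret->val->lo = (unsigned long)value;
    return ret;
}

/* Call ctor with allocation number nth (0-based) forced to fail; -1 = none. */
facet_t *build_with_failure(facet_t *(*ctor)(int), int nth, int value) {
    fail_after = nth;
    facet_t *f = ctor(value);
    fail_after = -1;
    return f;
}

int main(void) { /* exit status 0: strict variant failed cleanly, no leak */
    facet_t *s = build_with_failure(new_facet_strict, 1, 7);
    return (s != NULL) || outstanding_allocs();
}
```

The guarded form removes the crash at the write but hands callers a facet whose val is NULL, so the check moves to every later use; the strict form keeps the failure at the point where it happened.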