GNOME Bugzilla – Bug 708681
null pointer check missing
Last modified: 2013-11-29 15:30:55 UTC
In tree.c:xmlStaticCopyNodeList, the call to xmlStaticCopyNode is not checked for a NULL return value.

    #endif /* LIBXML_TREE_ENABLED */
        q = xmlStaticCopyNode(node, doc, parent, 1);
        if (ret == NULL) {
            q->prev = NULL;
            ret = p = q;

If we run out of memory, we get a core dump. Fix is:

--- branches/DEV_RPD_12Q3_BRANCH/dist/libxml2/tree.c 2011/12/27 09:06:00 487850 +++ branches/DEV_RPD_12Q3_BRANCH/dist/libxml2/tree.c 2011/12/27 09:12:34 487851 @@ -4267,6 +4267,8 @@ } else #endif /* LIBXML_TREE_ENABLED */ q = xmlStaticCopyNode(node, doc, parent, 1); + if (q == NULL) + return(NULL); if (ret == NULL) { q->prev = NULL; ret = p = q;
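Review bot: The early return(NULL) added right after the xmlStaticCopyNode call discards whatever ret already holds. The context line ret = p = q shows ret keeps the head of the copied list, so if this code runs once per node and the copy fails on a later node, the nodes copied so far are leaked. Consider releasing the partial list (for example xmlFreeNodeList(ret)) before returning NULL, and check whether q also needs the same NULL test on the branch above the #endif, which the hunk only shows as "} else".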
This seems to be a bug, because "xmlStaticCopyNode" can return NULL. Also, at line 4301, xmlCopyDtd can return NULL. The attached patch fixes both these scenarios.

Gaurav
Created attachment 256051
Fixes missing NULL checks
Okay, I applied the later patch, but after changing the style to Phil's one to match libxml2 code:

https://git.gnome.org/browse/libxml2/commit/?id=98a4e7128bc92559f05c754d0291a0a5906405d1

Thanks to both!

Daniel
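An added example, not libxml2 code and not part of this thread: a self-contained sketch of the list-copy pattern this bug is about, with the NULL check after each node copy and cleanup of the partially built list. The node type, copy_node, free_list, copy_list and the fail_after fault injector are hypothetical names chosen for the illustration.

```c
#include <stdlib.h>
#include <string.h>
/* Hypothetical minimal node type; not libxml2's xmlNode. */
typedef struct node { struct node *next, *prev; char name[16]; } node;
static int fail_after = -1;  /* fault injection: copies allowed before failure, -1 = never fail */
static int live_nodes = 0;   /* nodes currently allocated, to detect leaks */

/* Copy one node; returns NULL when allocation fails (real or injected). */
static node *copy_node(const node *src) {
    if (fail_after == 0) return NULL;
    if (fail_after > 0) fail_after--;
    node *n = malloc(sizeof *n);
    if (n == NULL) return NULL;
    memcpy(n->name, src->name, sizeof n->name);
    n->next = n->prev = NULL;
    live_nodes++;
    return n;
}

static void free_list(node *n) {
    while (n != NULL) {
        node *next = n->next;
        free(n);
        live_nodes--;
        n = next;
    }
}

/* Copy a sibling list; on a failed copy, release the partial result. */
node *copy_list(const node *src) {
    node *ret = NULL, *p = NULL;
    for (; src != NULL; src = src->next) {
        node *q = copy_node(src);
        if (q == NULL) {        /* without this check, q->prev below dereferences NULL */
            free_list(ret);     /* do not leak the nodes copied so far */
            return NULL;
        }
        q->prev = p;
        if (ret == NULL) ret = q; else p->next = q;
        p = q;
    }
    return ret;
}

int main(void) {                /* constructed two-node input, second copy fails */
    node b = {NULL, NULL, "b"}, a = {&b, NULL, "a"};
    fail_after = 1;
    return (copy_list(&a) == NULL && live_nodes == 0) ? 0 : 1;
}
```

Setting fail_after to each value from 0 up to the list length exercises every failure point in the loop, which is how an out-of-memory path like the one reported here can be covered in a test.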