Bug 711149 – dangling handlers in encoding.c

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 711149 - dangling handlers in encoding.c


Summary:	dangling handlers in encoding.c


Status:	RESOLVED FIXED

Product:	libxml2
Classification:	Platform
Component:	general
Version:	git master
Hardware:	Other Linux

Importance:	Normal critical
Target Milestone:	---
Assigned To:	Daniel Veillard
QA Contact:	libxml QA maintainers

URL:
Whiteboard:

Depends on:
Blocks:

Reported:	2013-10-30 14:09 UTC by Gaurav
Modified:	2013-11-29 15:14 UTC

See Also:
GNOME target:	---
GNOME version:	---

Attachments
Fixing dangling handlers. (1.30 KB, patch) 2013-10-30 14:09 UTC, Gaurav	none	Details \| Review

Description Gaurav 2013-10-30 14:09:30 UTC

Created attachment 258573 [details] [review]
Fixing dangling handlers.

In File :
https://git.gnome.org/browse/libxml2/tree/encoding.c

In Function:
int
xmlCharEncCloseFunc(xmlCharEncodingHandler *handler)

If the freed handler is any one of handlers[i] list, then it will make that hanldlers[i] as dangling. This may lead to crash issues at places where handlers is read.


The attached patch is fix for this situation.

Comment 1 Daniel Veillard 2013-11-29 15:14:37 UTC

That scenario is unlikely unless someone registers encoders twice, but
I'm fine fixing this. I had to clean up significantly the patch as
I from the loop was not declared, and we don't use bool type in libxml2.
But i pushed the result,

https://git.gnome.org/browse/libxml2/commit/?id=080a22c5ea395adede98d555d2dab2c85b16b269

  thanks,

Daniel