Bug 733040 - Fix Null Pointer Dereference
Status: RESOLVED FIXED
Product: libxml2
Classification: Platform
Component: general
Version: git master
Hardware: Other Linux
Importance: Normal critical
Target Milestone: ---
Assigned To: Daniel Veillard
QA Contact: libxml QA maintainers
Reported: 2014-07-11 05:29 UTC by Gaurav
Modified: 2014-07-14 08:41 UTC
GNOME target: ---
GNOME version: ---


Attachments
Fix Possible Null Pointer dereference. (391 bytes, patch)
2014-07-11 05:29 UTC, Gaurav

Description Gaurav 2014-07-11 05:29:52 UTC
Created attachment 280463
Fix Possible Null Pointer dereference.

In file parser.c (lines 9316-9319):

    const xmlChar *URL = xmlDictLookup(ctxt->dict, attvalue, len);
    xmlURIPtr uri;

    if (*URL != 0) {


In the above code, if URL is NULL then the if condition is doing a NULL check.
But *URL is dereferencing URL, which may crash.

Please apply attached patch.
Comment 1 Daniel Veillard 2014-07-14 08:41:15 UTC
The error condition is right, xmlDictLookup() should never return
null but may do so in case of allocation error. But the test needs
to be maintained: we are checking for an empty string there,
i.e. xmlns="" which is perfectly legal.

I committed a fix c836ba66e57d4d9f90f1dc7a827625c99622408f in git,

thanks for the report!

Daniel
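
The two checks discussed in this bug, as an added example that is neither the libxml2 source nor the committed fix: the result of a lookup that can return NULL is tested first, and the empty-string test that keeps xmlns="" legal is kept after it. dict_lookup, fail_alloc, classify_default_ns and the ns_result values are hypothetical stand-ins; the sample strings are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Constructed knob that simulates an allocation failure inside the lookup. */
static int fail_alloc = 0;

/* Hypothetical stand-in for xmlDictLookup(): returns a stored copy of the
 * first len bytes of value, or NULL when the (simulated) allocation fails. */
static const char *dict_lookup(const char *value, size_t len) {
    static char slot[256];
    if (fail_alloc || len >= sizeof(slot))
        return NULL;
    memcpy(slot, value, len);
    slot[len] = '\0';
    return slot;
}

enum ns_result { NS_ERR_MEMORY = -1, NS_EMPTY = 0, NS_NONEMPTY = 1 };

/* Pointer check first, then the original content check. Merging the two
 * (treating NULL like "") would hide the memory error; dropping the second
 * would stop distinguishing the legal xmlns="" case. */
static enum ns_result classify_default_ns(const char *attvalue, size_t len) {
    const char *url = dict_lookup(attvalue, len);

    if (url == NULL)      /* lookup failed: report it, never dereference */
        return NS_ERR_MEMORY;
    if (*url != 0)        /* same test as in the reported code */
        return NS_NONEMPTY;
    return NS_EMPTY;      /* xmlns="" */
}

int main(void) {
    const char *ns = "http://example.org/ns";   /* constructed sample value */

    printf("non-empty: %d\n", classify_default_ns(ns, strlen(ns)));
    printf("empty:     %d\n", classify_default_ns("", 0));
    fail_alloc = 1;
    printf("oom:       %d\n", classify_default_ns(ns, strlen(ns)));
    return 0;
}
```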