After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 733042 - All arguments not Null checked.
All arguments not Null checked.
Status: RESOLVED FIXED
Product: libxml2
Classification: Platform
Component: general
git master
Other Linux
: Normal critical
: ---
Assigned To: Daniel Veillard
libxml QA maintainers
Depends on:
Blocks:
 
 
Reported: 2014-07-11 05:51 UTC by Gaurav
Modified: 2014-07-14 08:10 UTC
See Also:
GNOME target: ---
GNOME version: ---

Attachments
Added proper Null checking. (332 bytes, patch)
2014-07-11 05:51 UTC, Gaurav 		none Details | Review

Description Gaurav 2014-07-11 05:51:45 UTC 
Created attachment 280465 [details] [review]
Added proper Null checking.

In file relaxng.c and function :
xmlRelaxNGAddStates

It is called as below :
10366                         if (ctxt->state != NULL) {
10367                             xmlRelaxNGAddStates(ctxt, states, ctxt->state);

So, third argument is already Null checked

Also It is called as :
10128                 if (ctxt->states != NULL) {
10129                     xmlRelaxNGAddStates(ctxt, ctxt->states, oldstate);
10130                 } else {

Here. second argument is already Null checked.

In this function, it is checking Null only for third argument as below :
1091 static int
 1092 xmlRelaxNGAddStates(xmlRelaxNGValidCtxtPtr ctxt,
 1093                     xmlRelaxNGStatesPtr states,
 1094                     xmlRelaxNGValidStatePtr state)
 1095 {
 1096     int i;
 1097
 1098     if (state == NULL) {
 1099         return (-1);
 1100     }

So, it may cause crash scenarion when the argument which has not been Null checked.

Please apply patch.
Comment 1 Daniel Veillard 2014-07-14 08:10:14 UTC 
Okay patch makes sense, applied as commit 7d2e8c950f1f017f5f3a45f999e5a3aad3e699da in git,

  thanks,

Daniel