Bug 793028 - Remove a misleading line from xmlCharEncOutput
Status: RESOLVED FIXED
Product: libxml2
Classification: Platform
Component: parser
Version: git master
Hardware: Other All
Importance: Normal minor
Assigned To: Daniel Veillard
Reported: 2018-01-30 13:16 UTC by Andrey Bienkowski
Modified: 2018-07-23 03:13 UTC


Attachments
0001-Remove-a-misleading-line-from-xmlCharEncOutput.patch (820 bytes, patch)
2018-01-30 13:16 UTC, Andrey Bienkowski

Description Andrey Bienkowski 2018-01-30 13:16:20 UTC
Created attachment 367643
0001-Remove-a-misleading-line-from-xmlCharEncOutput.patch

Overview:
I was just passing by and saw a line of code that looked oddly out of place.

if (ret >= 0) output += ret;

This line increases xmlOutputBufferPtr output (one of the parameters of xmlCharEncOutput) by the number of bytes written. This pointer points to a wrapper struct, not to any buffer, so after incrementing it becomes invalid. It looks like this line was accidentally copied over from xmlCharEncOutFunc, where output is an int variable for collecting statistics. Luckily, the current implementation of xmlCharEncOutput doesn't dereference output after accidentally advancing it, or it would trigger UB. I decided to remove the line anyway because it creates a potentially dangerous situation.
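
The hazard described in this report, as an added C example that is not part of the original report or of libxml2: the same `output += ret` statement is harmless on an int counter but moves a struct pointer by `ret * sizeof(struct)` bytes. `struct out_wrapper` and the three function names are hypothetical stand-ins; declaring the parameter `*const` lets the compiler reject the stray line.

```c
#include <limits.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical stand-in for a wrapper struct: it holds a pointer to
 * the real byte buffer, it is not the buffer itself. */
struct out_wrapper {
    char  *conv;   /* destination bytes */
    size_t cap;    /* capacity of conv */
    size_t used;   /* bytes already written */
};

/* Statistics shape: `output` is an int, so `+=` just accumulates. */
static int count_written(const int *rets, size_t n)
{
    int output = 0;
    for (size_t i = 0; i < n; i++) {
        int ret = rets[i];
        if (ret >= 0) output += ret;
    }
    return output;
}

/* Byte distance that `output += ret` would move a struct out_wrapper *.
 * Pointer arithmetic scales by sizeof, so the result lands far outside
 * the struct. Computed as an integer; the invalid pointer is never formed. */
static size_t stray_offset_bytes(int ret)
{
    return ret > 0 ? (size_t)ret * sizeof(struct out_wrapper) : 0;
}

/* Hardened shape: `*const` turns `output += ret;` into a compile error,
 * and progress is recorded in a struct field instead. */
static int emit(struct out_wrapper *const output, const char *src, size_t len)
{
    if (output == NULL || src == NULL || len > (size_t)INT_MAX) return -1;
    if (len > output->cap - output->used) return -1;   /* no room left */
    memcpy(output->conv + output->used, src, len);
    int ret = (int)len;
    /* if (ret >= 0) output += ret;   <- rejected: output is const */
    output->used += (size_t)ret;
    return ret;
}
```
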
Comment 1 Daniel Veillard 2018-07-23 03:13:20 UTC
Hum, right, good analysis, changing the pointer that way is just ... wrong!

Pushed:
https://gitlab.gnome.org/GNOME/libxml2/commit/d2293cdbc83b3ca79b9d7132c5a62dfd7e3751be

Thanks a lot!

Daniel