lib/libxml2
1
0
Fork 0
mirror of https://gitlab.gnome.org/GNOME/libxml2.git synced 2025-10-24 13:33:01 +03:00
Code Activity

Avoid a possibility of dangling encoding handler

Browse Source 
For https://bugzilla.gnome.org/show_bug.cgi?id=711149

In Function:
int xmlCharEncCloseFunc(xmlCharEncodingHandler *handler)

If the freed handler is any one of handlers[i] list, then it will make that
hanldlers[i] as dangling. This may lead to crash issues at places where
handlers is read.
This commit is contained in:
Gaurav
2013-11-29 23:10:50 +08:00
committed by Daniel Veillard
parent 826bc32020
commit 080a22c5ea
1 changed files with 14 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
encoding.c
View File

@@ -2853,14 +2853,25 @@ int
xmlCharEncCloseFunc(xmlCharEncodingHandler *handler) {
int ret = 0;
int tofree = 0;
int i, handler_in_list = 0;
if (handler == NULL) return(-1);
if (handler->name == NULL) return(-1);
if (handlers != NULL) {
for (i = 0;i < nbCharEncodingHandler; i++) {
if (handler == handlers[i]) {
handler_in_list = 1;
break;
}
}
}
#ifdef LIBXML_ICONV_ENABLED
/*
* Iconv handlers can be used only once, free the whole block.
* and the associated icon resources.
*/
if ((handler->iconv_out != NULL) || (handler->iconv_in != NULL)) {
if ((handler_in_list == 0) &&
((handler->iconv_out != NULL) || (handler->iconv_in != NULL))) {
tofree = 1;
if (handler->iconv_out != NULL) {
if (iconv_close(handler->iconv_out))
@@ -2875,7 +2886,8 @@ xmlCharEncCloseFunc(xmlCharEncodingHandler *handler) {
}
#endif /* LIBXML_ICONV_ENABLED */
#ifdef LIBXML_ICU_ENABLED
if ((handler->uconv_out != NULL) || (handler->uconv_in != NULL)) {
if ((handler_in_list == 0) &&
((handler->uconv_out != NULL) || (handler->uconv_in != NULL))) {
tofree = 1;
if (handler->uconv_out != NULL) {
closeIcuConverter(handler->uconv_out);