1
0
mirror of https://gitlab.gnome.org/GNOME/libxml2.git synced 2025-10-24 13:33:01 +03:00

xmlParseBalancedChunkMemory must not be called with NULL doc

There is no way to avoid memory leaks without a document to hold the
namespace list.
This commit is contained in:
Nick Wellnhofer
2020-05-30 15:40:08 +02:00
parent a0a8059b2c
commit 2e8cc66d8f

View File

@@ -13176,7 +13176,7 @@ xmlParseExternalEntity(xmlDocPtr doc, xmlSAXHandlerPtr sax, void *user_data,
/** /**
* xmlParseBalancedChunkMemory: * xmlParseBalancedChunkMemory:
* @doc: the document the chunk pertains to * @doc: the document the chunk pertains to (must not be NULL)
* @sax: the SAX handler block (possibly NULL) * @sax: the SAX handler block (possibly NULL)
* @user_data: The user data returned on SAX callbacks (possibly NULL) * @user_data: The user data returned on SAX callbacks (possibly NULL)
* @depth: Used for loop detection, use 0 * @depth: Used for loop detection, use 0
@@ -13628,7 +13628,7 @@ xmlParseInNodeContext(xmlNodePtr node, const char *data, int datalen,
#ifdef LIBXML_SAX1_ENABLED #ifdef LIBXML_SAX1_ENABLED
/** /**
* xmlParseBalancedChunkMemoryRecover: * xmlParseBalancedChunkMemoryRecover:
* @doc: the document the chunk pertains to * @doc: the document the chunk pertains to (must not be NULL)
* @sax: the SAX handler block (possibly NULL) * @sax: the SAX handler block (possibly NULL)
* @user_data: The user data returned on SAX callbacks (possibly NULL) * @user_data: The user data returned on SAX callbacks (possibly NULL)
* @depth: Used for loop detection, use 0 * @depth: Used for loop detection, use 0
@@ -13700,6 +13700,7 @@ xmlParseBalancedChunkMemoryRecover(xmlDocPtr doc, xmlSAXHandlerPtr sax,
} else { } else {
xmlCtxtUseOptionsInternal(ctxt, XML_PARSE_NODICT, NULL); xmlCtxtUseOptionsInternal(ctxt, XML_PARSE_NODICT, NULL);
} }
/* doc == NULL is only supported for historic reasons */
if (doc != NULL) { if (doc != NULL) {
newDoc->intSubset = doc->intSubset; newDoc->intSubset = doc->intSubset;
newDoc->extSubset = doc->extSubset; newDoc->extSubset = doc->extSubset;
@@ -13716,6 +13717,7 @@ xmlParseBalancedChunkMemoryRecover(xmlDocPtr doc, xmlSAXHandlerPtr sax,
} }
xmlAddChild((xmlNodePtr) newDoc, newRoot); xmlAddChild((xmlNodePtr) newDoc, newRoot);
nodePush(ctxt, newRoot); nodePush(ctxt, newRoot);
/* doc == NULL is only supported for historic reasons */
if (doc == NULL) { if (doc == NULL) {
ctxt->myDoc = newDoc; ctxt->myDoc = newDoc;
} else { } else {
@@ -13785,6 +13787,7 @@ xmlParseBalancedChunkMemoryRecover(xmlDocPtr doc, xmlSAXHandlerPtr sax,
xmlFreeParserCtxt(ctxt); xmlFreeParserCtxt(ctxt);
newDoc->intSubset = NULL; newDoc->intSubset = NULL;
newDoc->extSubset = NULL; newDoc->extSubset = NULL;
/* This leaks the namespace list if doc == NULL */
newDoc->oldNs = NULL; newDoc->oldNs = NULL;
xmlFreeDoc(newDoc); xmlFreeDoc(newDoc);