diff options
| author | Nick Wellnhofer <wellnhofer@aevum.de> | 2012-10-10 12:09:36 +0200 |
|---|---|---|
| committer | Nick Wellnhofer <wellnhofer@aevum.de> | 2012-10-10 12:13:19 +0200 |
| commit | 6c99c519d97e5fcbec7a9537d190efb442e4e833 (patch) | |
| tree | 6c9d0711f47576aa957b68becb64fec68eb676f8 | |
| parent | ad0e36fdfe1a1ecc1ec76e636bbdc3ee39172b03 (diff) | |
| download | libxslt-6c99c519d97e5fcbec7a9537d190efb442e4e833.tar.gz libxslt-6c99c519d97e5fcbec7a9537d190efb442e4e833.tar.bz2 libxslt-6c99c519d97e5fcbec7a9537d190efb442e4e833.zip | |
Crash when passing an uninitialized variable to document()
https://bugzilla.gnome.org/show_bug.cgi?id=685330
Missing check for NULL
| -rw-r--r-- | libxslt/functions.c | 5 | ||||
| -rw-r--r-- | tests/docs/Makefile.am | 1 | ||||
| -rw-r--r-- | tests/docs/bug-180.xml | 2 | ||||
| -rw-r--r-- | tests/general/Makefile.am | 1 | ||||
| -rw-r--r-- | tests/general/bug-180.err | 4 | ||||
| -rw-r--r-- | tests/general/bug-180.out | 0 | ||||
| -rw-r--r-- | tests/general/bug-180.xsl | 8 |
7 files changed, 19 insertions, 2 deletions
diff --git a/libxslt/functions.c b/libxslt/functions.c index ed2c1635..c754994e 100644 --- a/libxslt/functions.c +++ b/libxslt/functions.c @@ -260,7 +260,7 @@ xsltDocumentFunction(xmlXPathParserContextPtr ctxt, int nargs) obj = valuePop(ctxt); ret = xmlXPathNewNodeSet(NULL); - if (obj->nodesetval) { + if ((obj != NULL) && obj->nodesetval) { for (i = 0; i < obj->nodesetval->nodeNr; i++) { valuePush(ctxt, xmlXPathNewNodeSet(obj->nodesetval->nodeTab[i])); @@ -280,7 +280,8 @@ xsltDocumentFunction(xmlXPathParserContextPtr ctxt, int nargs) } } - xmlXPathFreeObject(obj); + if (obj != NULL) + xmlXPathFreeObject(obj); if (obj2 != NULL) xmlXPathFreeObject(obj2); valuePush(ctxt, ret); diff --git a/tests/docs/Makefile.am b/tests/docs/Makefile.am index 59487a60..c5dad4c5 100644 --- a/tests/docs/Makefile.am +++ b/tests/docs/Makefile.am @@ -178,6 +178,7 @@ EXTRA_DIST = \ bug-177.xml \ bug-178.xml \ bug-179.xml \ + bug-180.xml \ character.xml \ array.xml \ items.xml diff --git a/tests/docs/bug-180.xml b/tests/docs/bug-180.xml new file mode 100644 index 00000000..2ca0eba5 --- /dev/null +++ b/tests/docs/bug-180.xml @@ -0,0 +1,2 @@ +<doc/> + diff --git a/tests/general/Makefile.am b/tests/general/Makefile.am index 762eca9f..0c2ef307 100644 --- a/tests/general/Makefile.am +++ b/tests/general/Makefile.am @@ -187,6 +187,7 @@ EXTRA_DIST = \ bug-177.out bug-177.xsl \ bug-178.out bug-178.xsl \ bug-179.out bug-179.xsl \ + bug-180.out bug-180.xsl bug-180.err \ character.out character.xsl \ character2.out character2.xsl \ itemschoose.out itemschoose.xsl \ diff --git a/tests/general/bug-180.err b/tests/general/bug-180.err new file mode 100644 index 00000000..e45b36e8 --- /dev/null +++ b/tests/general/bug-180.err @@ -0,0 +1,4 @@ +runtime error: file ./bug-180.xsl line 4 element copy-of +Variable 'xxx' has not been declared. +XPath error : Stack usage errror +xmlXPathCompiledEval: 1 objects left on the stack. diff --git a/tests/general/bug-180.out b/tests/general/bug-180.out new file mode 100644 index 00000000..e69de29b --- /dev/null +++ b/tests/general/bug-180.out diff --git a/tests/general/bug-180.xsl b/tests/general/bug-180.xsl new file mode 100644 index 00000000..652d9fc5 --- /dev/null +++ b/tests/general/bug-180.xsl @@ -0,0 +1,8 @@ +<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" version="1.0"> + + <xsl:template match="/"> + <xsl:copy-of select=" * | document($xxx) "/> + </xsl:template> + +</xsl:stylesheet> + |