git.postgresql.org Git - postgresql.git/commitdiff

git projects / postgresql.git / commitdiff

Fix null-dereference crash in parse_xml_decl().

2011年5月28日 16:36:04 +0000 (12:36 -0400)

2011年5月28日 16:36:30 +0000 (12:36 -0400)

parse_xml_decl's header comment says you can pass NULL for any unwanted
output parameter, but it failed to honor this contract for the "standalone"
flag. The only currently-affected caller is xml_recv, so the net effect is
that sending a binary XML value containing a standalone parameter in its
xml declaration would crash the backend. Per bug #6044 from Christopher
Dillard.

In passing, remove useless initializations of parse_xml_decl's output
parameters in xml_parse.

Back-patch to 8.3, where this code was introduced.

src/backend/utils/adt/xml.c patch | blob | blame | history

diff --git a/src/backend/utils/adt/xml.c b/src/backend/utils/adt/xml.c

index eaf5b4d550274a4692d6ef34ecb877cf9f631e5d..0c0d3554c3285ea0e5bca3af17ef2e6cd12e0cd9 100644 (file)

--- a/src/backend/utils/adt/xml.c

+++ b/src/backend/utils/adt/xml.c

@@ -1067,13 +1067,15 @@ parse_xml_decl(const xmlChar *str, size_t *lenp,

if (xmlStrncmp(p, (xmlChar *) "'yes'", 5) == 0 ||

xmlStrncmp(p, (xmlChar *) "\"yes\"", 5) == 0)

{

- *standalone = 1;

+ if (standalone)

+ *standalone = 1;

p += 5;

}

else if (xmlStrncmp(p, (xmlChar *) "'no'", 4) == 0 ||

xmlStrncmp(p, (xmlChar *) "\"no\"", 4) == 0)

{

- *standalone = 0;

+ if (standalone)

+ *standalone = 0;

p += 4;

}

else

@@ -1217,8 +1219,8 @@ xml_parse(text *data, XmlOptionType xmloption_arg, bool preserve_whitespace,

{

int res_code;

size_t count;

- xmlChar *version = NULL;

- int standalone = -1;

+ xmlChar *version;

+ int standalone;

res_code = parse_xml_decl(utf8string,

&count, &version, NULL, &standalone);

This is the main PostgreSQL git repository.

RSS Atom