mirror/postgresql
2
0
Fork 0
mirror of https://git.postgresql.org/git/postgresql.git synced 2024-11-27 07:21:09 +08:00
Code Issues Packages Projects Releases Wiki Activity

Fix null-dereference crash in parse_xml_decl().

Browse Source 
parse_xml_decl's header comment says you can pass NULL for any unwanted
output parameter, but it failed to honor this contract for the "standalone"
flag.  The only currently-affected caller is xml_recv, so the net effect is
that sending a binary XML value containing a standalone parameter in its
xml declaration would crash the backend.  Per bug #6044 from Christopher
Dillard.

In passing, remove useless initializations of parse_xml_decl's output
parameters in xml_parse.

Back-patch to 8.3, where this code was introduced.
This commit is contained in:
Tom Lane 2011-05-28 12:36:04 -04:00
parent f014211849
commit f064a4f263
1 changed files with 6 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
src/backend/utils/adt/xml.c
View File

@ -1104,13 +1104,15 @@ parse_xml_decl(const xmlChar *str, size_t *lenp,
if (xmlStrncmp(p, (xmlChar *) "'yes'", 5) == 0 ||
xmlStrncmp(p, (xmlChar *) "\"yes\"", 5) == 0)
{
*standalone = 1;
if (standalone)
*standalone = 1;
p += 5;
}
else if (xmlStrncmp(p, (xmlChar *) "'no'", 4) == 0 ||
xmlStrncmp(p, (xmlChar *) "\"no\"", 4) == 0)
{
*standalone = 0;
if (standalone)
*standalone = 0;
p += 4;
}
else
@ -1254,8 +1256,8 @@ xml_parse(text *data, XmlOptionType xmloption_arg, bool preserve_whitespace,
{
int res_code;
size_t count;
xmlChar *version = NULL;
int standalone = -1;
xmlChar *version;
int standalone;
res_code = parse_xml_decl(utf8string,
&count, &version, NULL, &standalone);