SF Bug Tracker id 3175217 - Crash bug in Parser_addNamespace()

Submitted: Terry Farnham ( tfarnham ) - 2011-02-07 09:25:25 PST Details: The strcmp(pNode->prefix,pCur->prefix) crashes on pCur->prefix being NULL. This occurs on invalidly formatted xml where a node uses an undefined namespace. I would expect to receive IXML_FAILED in this situation. (cherry picked from commit 2fb791c9bb)
2012-03-08 13:51:29 -03:00 · 2012-03-08 13:51:29 -03:00 · 027ce49600
commit 027ce49600
parent 5373ed560a
2 changed files with 12 additions and 0 deletions
--- a/11
+++ b/11
@ -318,6 +318,17 @@ Version 1.8.0
 Version 1.6.16
 *******************************************************************************
 2012-03-08 Marcelo Roberto Jimenez <mroberto(at)users.sourceforge.net>
 	SF Bug Tracker id 3175217 - Crash bug in Parser_addNamespace()
 	Submitted: Terry Farnham ( tfarnham ) - 2011-02-07 09:25:25 PST
 	Details: The strcmp(pNode->prefix,pCur->prefix) crashes on pCur->prefix
 	being NULL. This occurs on invalidly formatted xml where a node uses an
 	undefined namespace. I would expect to receive IXML_FAILED in this
 	situation.
 2012-03-08 Fabrice Fontaine <fabrice.fontaine(at)orange.com>
 	Removing access to NULL pointers in node.c and element.c
--- a/ixml/src/ixmlparser.c
+++ b/ixml/src/ixmlparser.c
@ -1523,6 +1523,7 @@ static int Parser_addNamespace(
 		xmlParser->pNeedPrefixNode = NULL;
 	} else {
 		if ((strcmp(pNode->nodeName, pCur->element) != 0) &&
 		    pCur->prefix &&
 		    (strcmp(pNode->prefix, pCur->prefix) != 0))
 			return IXML_FAILED;
 		namespaceUri = Parser_getNameSpace(xmlParser, pCur->prefix);