From 77559473c1ca1b97af55d9eedf3c27fe810463e3 Mon Sep 17 00:00:00 2001 From: Yoichi NAKAYAMA Date: Fri, 6 Apr 2012 23:21:18 +0900 Subject: [PATCH] Remove possibility of access violation. 1. Test Instr before dereference it in http_RecvPostMessage. (Though it never becomes NULL because NULL is not passed to the static method) 2. Avoid strdup(NULL) in ixmlElement_setAttributeNS. Those are detected by llvm scan-build. (cherry picked from commit a383cbb8e20545222880f064a5b27c15abbf9280) --- ChangeLog | 10 ++++++++++ ixml/src/element.c | 13 ++++++++----- upnp/src/genlib/net/http/webserver.c | 2 +- 3 files changed, 19 insertions(+), 6 deletions(-) diff --git a/ChangeLog b/ChangeLog index b9e3926..eefe45c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -332,6 +332,16 @@ Version 1.8.0 Version 1.6.18 ******************************************************************************* +2012-04-06 Yoichi NAKAYAMA + + Remove possibility of access violation. + + 1. Test Instr before dereference it in http_RecvPostMessage. + (Though it never becomes NULL because NULL is not passed to + the static method) + 2. Avoid strdup(NULL) in ixmlElement_setAttributeNS. + Those are detected by llvm scan-build. + 2012-04-05 Yoichi NAKAYAMA SF Bug Tracker id 3507819 - Use of thread-unsafe gmtime() in httpreadwrite.c diff --git a/ixml/src/element.c b/ixml/src/element.c index d000090..915c9de 100644 --- a/ixml/src/element.c +++ b/ixml/src/element.c @@ -455,11 +455,14 @@ int ixmlElement_setAttributeNS( free(attrNode->prefix); } /* replace it with the new prefix */ - attrNode->prefix = strdup( newAttrNode.prefix ); - if (attrNode->prefix == NULL) { - Parser_freeNodeContent(&newAttrNode); - return IXML_INSUFFICIENT_MEMORY; - } + if (newAttrNode.prefix != NULL) { + attrNode->prefix = strdup( newAttrNode.prefix ); + if (attrNode->prefix == NULL) { + Parser_freeNodeContent(&newAttrNode); + return IXML_INSUFFICIENT_MEMORY; + } + } else + attrNode->prefix = newAttrNode.prefix; if (attrNode->nodeValue != NULL) { free(attrNode->nodeValue); diff --git a/upnp/src/genlib/net/http/webserver.c b/upnp/src/genlib/net/http/webserver.c index c0bb064..eb2294e 100644 --- a/upnp/src/genlib/net/http/webserver.c +++ b/upnp/src/genlib/net/http/webserver.c @@ -1443,7 +1443,7 @@ static int http_RecvPostMessage( &parser->msg.msg.buf[parser->entity_start_position + entity_offset], Data_Buf_Size); entity_offset += Data_Buf_Size; - if (Instr->IsVirtualFile) { + if (Instr && Instr->IsVirtualFile) { int n = virtualDirCallback.write(Fp, Buf, Data_Buf_Size); if (n < 0) { ret_code = HTTP_INTERNAL_SERVER_ERROR;