1. Test Instr before dereference it in http_RecvPostMessage.
(Though it never becomes NULL because NULL is not passed to
the static method)
2. Avoid strdup(NULL) in ixmlElement_setAttributeNS.
Those are detected by llvm scan-build.
(cherry picked from commit a383cbb8e2)
Check return code of ixmlDocument_CreateElementEx in
ixmlDocument_CreateElement.
Check return code of ixmlNode_setNodeName and ixmlNode_setNodeValue in
ixmlNode_cloneCDATASect and ixmlNode_cloneTextNode.
(cherry picked from commit d3d17da6e5)
Comment unused SERVER from DeviceShutdown.
Comment unused max from parse_hostport.
Comment unused nodeptr from ixmlNode_cloneDoc.
Comment unused newNode from Parser_hasDefaultNamespace.
Comment unused Parser_parseReference function
Check return code of shutdown and display an error if needed.
(forward port of commit cb07623dde)
Commit d48d73720b added a bug in
ixmlNode_allowChildren, this function was returning FALSE instead of
TRUE when newChild->nodeName was eELEMENT_NODE.
(cherry picked from commit 76eb3f869b)
Replace if statements with switch when using enums in ixml.
Remove uneeded initialization in ixmlAttr_init, Parser_init and
ixmlNode_init which was added by wrongly added in commit
06660b6383.
(cherry picked from commit d48d73720b)
Submitted: Terry Farnham ( tfarnham ) - 2011-02-07 09:25:25 PST
Details: The strcmp(pNode->prefix,pCur->prefix) crashes on pCur->prefix
being NULL. This occurs on invalidly formatted xml where a node uses an
undefined namespace. I would expect to receive IXML_FAILED in this
situation.
(cherry picked from commit 2fb791c9bb)
Check that newNode is not NULL ixmlNode_cloneNodeTree and pass newAttr
as the return node in the ixmlElement_setAttributeNodeNS call of
ixmlElement_setAttributeNS.
(cherry picked from commit 9b616a08df)
Submitted: Fabrice Fontaine ( ffontaine ) - 2012-03-05 04:54:40 PST
If ixmlNode_isParent(nodeptr, newChild) returns TRUE,
ixmlNode_removeChild(nodeptr, newChild, NULL) will free newChild before
the modifications of newChild->nextSibling and newChild->prevSibling.
(cherry picked from commit 4f34a12a83)
Submitted: zephyrus ( zephyrus00jp ) - 2012-03-07 02:31:14 PST
Details: a function is declared as
EXPORT_SPEC IXML_Document *ixmlDocument_createDocument();
This should read as follows in order to suppress strict prototype checking by GCC.
EXPORT_SPEC IXML_Document *ixmlDocument_createDocument(void);
(cherry picked from commit 9965f02727)
Submitted: Fabrice Fontaine ( ffontaine ) - 2012-03-07 02:30:57 PST
attr is not freed if ixmlNode_setNodeProperties or
ixmlNode_setAttributeNode return an error in
Parser_processAttributeName.
(cherry picked from commit 268abf72fb)
Submitted: Fabrice Fontaine ( ffontaine ) - 2012-03-05 14:20:58 PST
fileSize = ftell( xmlFilePtr ); can return a negative value, in this
case the function should exit (at the moment, the function exits only
if ftell returns 0).
(cherry picked from commit a8bcbe9491)
Submitted: Terry Farnham ( tfarnham ) - 2011-06-23 09:45:54 PDT
Details: The following bit of xml results in a memory leak from the xml
parser:
const char *xmlbuffer="<?xml version=\"1.0\" encoding=\"utf-8\"?>
<root xmlns=\"urn:schemas-upnp-org:device-1-0\" xmlns:dlna=\"urn:schemas-dlna-org:device-1-0\">
<dlna:X_DLNADOC xmlns:dlna=\"urn:schemas-dlna-org:device-1-0\">DMS-1.50</dlna:X_DLNADOC></root>";
When I execute the following code:
IXML_Document *doc = ixmlParseBuffer(xmlbuffer);
ixmlDocument_free(doc);
It results in a memory leak in ixmlparser.c line 2107 where it calls
safe_strdup( newElement->namespaceURI ); It's difficult to figure out why.
(cherry picked from commit d6f1e4112e)
Submitted: Fabrice Fontaine ( ffontaine ) - 2012-02-29 02:09:43 PST
newAttrNode is not freed if newAttr->n.nodeValue = strdup(value); returns
NULL or if ixmlElement_setAttributeNodeNS(element, newAttr, NULL) does
not return IXML_SUCCESS.
(cherry picked from commit a79a149e6a)
Submitted: Fabrice Fontaine ( ffontaine ) - 2012-02-28 04:01:02 PST
There is a memory leak in ixmlDocument_createElementEx:
newElement->tagName is not freed if
newElement->n.nodeName = strdup(tagName); returns NULL.
(cherry picked from commit 076f8e5be6)
I discovered a reliable denial-of-service issue on the last stable
release of libupnp (1.6.6) remotely triggerable by any
unauthenticated user. The issue is related with a bad parsing of
malformed XML.
(cherry picked from commit 25a4bd6d25)
Thanks for the load of updates, I'm still assimilating them ! Could I make
a suggestion though? The addition of printNodes(IXML_Node) to upnpdebug a
dds a new dependency on ixml.h for anything using upnpdebug.h. I'm making
quite a bit of use of upnpdebug in porting things to version 1.8.0, and I'd
prefer it if printNodes could be added to ixmldebug.h instead. I'm attach
ing a patch, what do you think ?
Nick
git-svn-id: https://pupnp.svn.sourceforge.net/svnroot/pupnp/trunk@532 119443c7-1b9e-41f8-b6fc-b9c35fce742c
