projects / users / simon / postgres.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: d132419)
Guard against possible double free during error escape from XML
authorTom Lane <tgl@sss.pgh.pa.us>
Sat, 13 Oct 2007 20:46:47 +0000 (20:46 +0000)
committerTom Lane <tgl@sss.pgh.pa.us>
Sat, 13 Oct 2007 20:46:47 +0000 (20:46 +0000)
functions.  Patch for the reported issue from Kris Jurka, some
other potential trouble spots plugged by Tom.

src/backend/utils/adt/xml.c patch | blob | blame | history

diff --git a/src/backend/utils/adt/xml.c b/src/backend/utils/adt/xml.c
index 2a5dfb2690966b5011528387113d90bd925bcb34..af21d331342b70be1320b67784db924ac1290330 100644 (file)
--- a/src/backend/utils/adt/xml.c
+++ b/src/backend/utils/adt/xml.c
@@ -774,13 +774,17 @@ xmlvalidate(PG_FUNCTION_ARGS)
 #if 0
                if (uri)
                        xmlFreeURI(uri);
+               uri = NULL;
 #endif
                if (dtd)
                        xmlFreeDtd(dtd);
+               dtd = NULL;
                if (doc)
                        xmlFreeDoc(doc);
+               doc = NULL;
                if (ctxt)
                        xmlFreeParserCtxt(ctxt);
+               ctxt = NULL;
                xmlCleanupParser();
        }
        PG_CATCH();
@@ -1163,13 +1167,13 @@ xml_parse(text *data, XmlOptionType xmloption_arg, bool preserve_whitespace, xml
 
                if (ctxt)
                        xmlFreeParserCtxt(ctxt);
+               ctxt = NULL;
                xmlCleanupParser();
        }
        PG_CATCH();
        {
                if (doc)
                        xmlFreeDoc(doc);
-               doc = NULL;
                if (ctxt)
                        xmlFreeParserCtxt(ctxt);
                xmlCleanupParser();
@@ -3203,10 +3207,12 @@ xpath(PG_FUNCTION_ARGS)
                                                "invalid XPath expression"); /* TODO: show proper XPath error details */
 
                xpathobj = xmlXPathCompiledEval(xpathcomp, xpathctx);
-               xmlXPathFreeCompExpr(xpathcomp);
                if (xpathobj == NULL)
                        ereport(ERROR, (errmsg("could not create XPath object"))); /* TODO: reason? */
 
+               xmlXPathFreeCompExpr(xpathcomp);
+               xpathcomp = NULL;
+
                /* return empty array in cases when nothing is found */
                if (xpathobj->nodesetval == NULL)
                        res_nitems = 0;
@@ -3225,9 +3231,13 @@ xpath(PG_FUNCTION_ARGS)
                        }
 
                xmlXPathFreeObject(xpathobj);
+               xpathobj = NULL;
                xmlXPathFreeContext(xpathctx);
-               xmlFreeParserCtxt(ctxt);
+               xpathctx = NULL;
                xmlFreeDoc(doc);
+               doc = NULL;
+               xmlFreeParserCtxt(ctxt);
+               ctxt = NULL;
                xmlCleanupParser();
        }
        PG_CATCH();
Simon's dev repository