Fix null-dereference crash in parse_xml_decl().

parse_xml_decl's header comment says you can pass NULL for any unwanted
output parameter, but it failed to honor this contract for the "standalone"
flag.  The only currently-affected caller is xml_recv, so the net effect is
that sending a binary XML value containing a standalone parameter in its
xml declaration would crash the backend.  Per bug #6044 from Christopher
Dillard.

In passing, remove useless initializations of parse_xml_decl's output
parameters in xml_parse.

Back-patch to 8.3, where this code was introduced.

diff --git a/src/backend/utils/adt/xml.c b/src/backend/utils/adt/xml.c
index ee82d4616c644d25ecd32876ccdac6d046d61fbf..702b9e3e9f489276e660f4677ceed37979365567 100644 (file)
--- a/src/backend/utils/adt/xml.c
+++ b/src/backend/utils/adt/xml.c
@@ -1067,13 +1067,15 @@ parse_xml_decl(const xmlChar *str, size_t *lenp,
        if (xmlStrncmp(p, (xmlChar *) "'yes'", 5) == 0 ||
            xmlStrncmp(p, (xmlChar *) "\"yes\"", 5) == 0)
        {
-           *standalone = 1;
+           if (standalone)
+               *standalone = 1;
            p += 5;
        }
        else if (xmlStrncmp(p, (xmlChar *) "'no'", 4) == 0 ||
                 xmlStrncmp(p, (xmlChar *) "\"no\"", 4) == 0)
        {
-           *standalone = 0;
+           if (standalone)
+               *standalone = 0;
            p += 4;
        }
        else
@@ -1218,8 +1220,8 @@ xml_parse(text *data, XmlOptionType xmloption_arg, bool preserve_whitespace,
        {
            int         res_code;
            size_t      count;
-           xmlChar    *version = NULL;
-           int         standalone = -1;
+           xmlChar    *version;
+           int         standalone;
 
            res_code = parse_xml_decl(utf8string,
                                      &count, &version, NULL, &standalone);