From 5e1365a9650678a531106120e40676a9417971f1 Mon Sep 17 00:00:00 2001
From: Tom Lane
Date: Sat, 28 May 2011 12:36:04 -0400
Subject: [PATCH] Fix null-dereference crash in parse_xml_decl().
parse_xml_decl's header comment says you can pass NULL for any unwanted output parameter, but it failed to honor this contract for the "standalone" flag. The only currently-affected caller is xml_recv, so the net effect is that sending a binary XML value containing a standalone parameter in its xml declaration would crash the backend. Per bug #6044 from Christopher Dillard. In passing, remove useless initializations of parse_xml_decl's output parameters in xml_parse. Back-patch to 8.3, where this code was introduced.
---
 src/backend/utils/adt/xml.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/src/backend/utils/adt/xml.c b/src/backend/utils/adt/xml.c
index ee82d4616c6..702b9e3e9f4 100644
--- a/src/backend/utils/adt/xml.c
+++ b/src/backend/utils/adt/xml.c
@@ -1067,13 +1067,15 @@ parse_xml_decl(const xmlChar *str, size_t *lenp,
 if (xmlStrncmp(p, (xmlChar *) "'yes'", 5) == 0 ||
 xmlStrncmp(p, (xmlChar *) "\"yes\"", 5) == 0)
 {
- *standalone = 1;
+ if (standalone)
+ *standalone = 1;
 p += 5;
 }
 else if (xmlStrncmp(p, (xmlChar *) "'no'", 4) == 0 ||
 xmlStrncmp(p, (xmlChar *) "\"no\"", 4) == 0)
 {
- *standalone = 0;
+ if (standalone)
+ *standalone = 0;
 p += 4;
 }
 else
@@ -1218,8 +1220,8 @@ xml_parse(text *data, XmlOptionType xmloption_arg, bool preserve_whitespace,
 {
 int res_code;
 size_t count;
- xmlChar *version = NULL;
- int standalone = -1;
+ xmlChar *version;
+ int standalone;
 res_code = parse_xml_decl(utf8string, &count, &version, NULL, &standalone);
-- 
2.30.2
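Review bot: The two new `if (standalone)` guards in the 'yes' and 'no' branches carry no comment tying them to the optional-output contract that the commit message cites from the function's header comment. A short note above the first guard, such as `/* standalone is optional; a caller may pass NULL */`, would keep a later cleanup from removing the checks as redundant. parse_xml_decl starts and ends outside this hunk, so it cannot be confirmed from here that every other store through `version`, `encoding` and `standalone` is guarded the same way. Those stores deserve a check in the same pass, since the function parses data received from the client.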
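Review bot: Dropping the `= NULL` and `= -1` initializers in xml_parse leaves `version` and `standalone` indeterminate unless parse_xml_decl stores to both on every return path, including its error returns. That guarantee is not visible in this diff. If it holds, record it at the declarations, for example `/* parse_xml_decl sets both outputs on all paths, including failure */`. If it does not hold, keep the initializers, because reading either variable after a failed parse would be undefined behaviour. The enclosing block of xml_parse continues past the hunk, so how the two variables are used after the call cannot be checked here.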