Commit 5e1365a9 authored by Tom Lane's avatar Tom Lane

Fix null-dereference crash in parse_xml_decl().

parse_xml_decl's header comment says you can pass NULL for any unwanted
output parameter, but it failed to honor this contract for the "standalone"
flag.  The only currently-affected caller is xml_recv, so the net effect is
that sending a binary XML value containing a standalone parameter in its
xml declaration would crash the backend.  Per bug #6044 from Christopher
Dillard.

In passing, remove useless initializations of parse_xml_decl's output
parameters in xml_parse.

Back-patch to 8.3, where this code was introduced.
parent 4c60a775
...@@ -1067,13 +1067,15 @@ parse_xml_decl(const xmlChar *str, size_t *lenp, ...@@ -1067,13 +1067,15 @@ parse_xml_decl(const xmlChar *str, size_t *lenp,
if (xmlStrncmp(p, (xmlChar *) "'yes'", 5) == 0 || if (xmlStrncmp(p, (xmlChar *) "'yes'", 5) == 0 ||
xmlStrncmp(p, (xmlChar *) "\"yes\"", 5) == 0) xmlStrncmp(p, (xmlChar *) "\"yes\"", 5) == 0)
{ {
*standalone = 1; if (standalone)
*standalone = 1;
p += 5; p += 5;
} }
else if (xmlStrncmp(p, (xmlChar *) "'no'", 4) == 0 || else if (xmlStrncmp(p, (xmlChar *) "'no'", 4) == 0 ||
xmlStrncmp(p, (xmlChar *) "\"no\"", 4) == 0) xmlStrncmp(p, (xmlChar *) "\"no\"", 4) == 0)
{ {
*standalone = 0; if (standalone)
*standalone = 0;
p += 4; p += 4;
} }
else else
...@@ -1218,8 +1220,8 @@ xml_parse(text *data, XmlOptionType xmloption_arg, bool preserve_whitespace, ...@@ -1218,8 +1220,8 @@ xml_parse(text *data, XmlOptionType xmloption_arg, bool preserve_whitespace,
{ {
int res_code; int res_code;
size_t count; size_t count;
xmlChar *version = NULL; xmlChar *version;
int standalone = -1; int standalone;
res_code = parse_xml_decl(utf8string, res_code = parse_xml_decl(utf8string,
&count, &version, NULL, &standalone); &count, &version, NULL, &standalone);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment