Hi,
Recently we performed failure testing on libxml, that is we simulated malloc
failures to see how libxml behaved in that scenario. As a result of the
testing we found a number of memory leaks and some crashes. Something like
the following in function xmlNewBlanksWrapperInputStream
Snippet of the code
input = xmlNewInputStream(ctxt);
if (input == NULL) {
return(NULL);
}
length = xmlStrlen(entity->name) + 5;
buffer = xmlMallocAtomic(length);
if (buffer == NULL) {
xmlErrMemory(ctxt, NULL);
return(NULL);
}
Here I believe if the malloc fails for buffer, there will be a memleak for
input..
Or another example in function xmlParseEntityDecl-
if ((ctxt->myDoc == NULL) ||
(xmlStrEqual(ctxt->myDoc->version, SAX_COMPAT_MODE))) {
if (ctxt->myDoc == NULL) {
ctxt->myDoc = xmlNewDoc(SAX_COMPAT_MODE);
}
if (ctxt->myDoc->intSubset == NULL)
ctxt->myDoc->intSubset = xmlNewDtd(ctxt->myDoc,
If malloc fails inside xmlNewDoc, there will be a crash on the subsequent
line.
There are other similar problems, so I was wondering if there is
an assumption that malloc failure will not occur since it is a rare
occurrence. Or does corrective action need to be taken wherever it occurs in
the failure path.
Thanks in advance!!
Regards
Ashwin
_______________________________________________
xml mailing list, project page http://xmlsoft.org/
[email protected]
http://mail.gnome.org/mailman/listinfo/xml
