I hit an issue that causes a crash when using xmlParseBalancedChunkMemory with data that contains an entity.
i.e. <test><data>&nbsp;</data></test>
The xmlDocPtr passed in to the function does contain the entity declarations btw

When the entity is parsed a call to xmlParseBalancedChunkInternal is made with the context created from xmlParseBalancedChunkMemory which has a temporary myDoc property. The content is created as being owned by the temporary doc.

The temporary doc from the top level xmlParseBalancedChunkMemory is freed leaving the created list from when the entity was parsed with an invalid pointer which ultimately causes a crash when the structure is freed.

Attached patch just sets the owning doc for the list to the same one that owns the parent entity if not so already. No issues ever with dict as the dict from the original doc is passed along in each of the new contexts.

Rob
diff --git "a/parser_HEAD.c" "b/parser.c"
index d1c7888..9ab8641 100644
--- "a/parser_HEAD.c"
+++ "b/parser.c"
@@ -6992,6 +6992,7 @@ xmlParseReference(xmlParserCtxtPtr ctxt) {
                    ent->owner = 1;
                    while (list != NULL) {
                        list->parent = (xmlNodePtr) ent;
+                       xmlSetTreeDoc(list, ent->doc);
                        if (list->next == NULL)
                            ent->last = list;
                        list = list->next;
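Review bot: the added xmlSetTreeDoc(list, ent->doc) call inside the while loop runs unconditionally for every node, while the description says the owning doc is set only "if not so already". Either guard it with a comparison of list->doc against ent->doc, or add a comment stating that the call is expected to do nothing when the docs already match. A short comment above the line saying that these nodes were created under the temporary document of the chunk-parsing context, which is freed later, would record why the re-ownership is needed. A regression test that parses a balanced chunk containing an entity reference, as in the report, would keep the crash from coming back.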
_______________________________________________
xml mailing list, project page  http://xmlsoft.org/
xml@gnome.org
http://mail.gnome.org/mailman/listinfo/xml