mirror of https://gitlab.gnome.org/GNOME/libxml2.git synced 2024-10-26 20:25:14 +03:00

512131 crash in xmlRelaxNGValidateFullElement

* relaxng.c: in some cases we were not freeing the right data; also
  clean up a few other things
Daniel Veillard 2009-08-14 16:16:31 +02:00
parent 7459c595a0
commit 9fcd462f27


@ -1006,7 +1006,7 @@ xmlRelaxNGNewStates(xmlRelaxNGValidCtxtPtr ctxt, int size)
xmlRelaxNGStatesPtr ret; xmlRelaxNGStatesPtr ret;
if ((ctxt != NULL) && if ((ctxt != NULL) &&
(ctxt->freeState != NULL) && (ctxt->freeStatesNr > 0)) { (ctxt->freeStates != NULL) && (ctxt->freeStatesNr > 0)) {
ctxt->freeStatesNr--; ctxt->freeStatesNr--;
ret = ctxt->freeStates[ctxt->freeStatesNr]; ret = ctxt->freeStates[ctxt->freeStatesNr];
ret->nbState = 0; ret->nbState = 0;
@ -8345,7 +8345,7 @@ xmlRelaxNGValidateFullElement(xmlRelaxNGValidCtxtPtr ctxt,
ret = -1; ret = -1;
else else
ret = 1; ret = 1;
xmlRelaxNGFreeValidState(ctxt, state); xmlRelaxNGFreeValidState(ctxt, ctxt->state);
ctxt->state = NULL; ctxt->state = NULL;
#ifdef DEBUG_PROGRESSIVE #ifdef DEBUG_PROGRESSIVE
if (ret < 0) if (ret < 0)
@ -9323,6 +9323,7 @@ xmlRelaxNGValidateInterleave(xmlRelaxNGValidCtxtPtr ctxt,
oldstate = oldstate =
ctxt->states->tabState[ctxt->states->nbState - 1]; ctxt->states->tabState[ctxt->states->nbState - 1];
ctxt->states->tabState[ctxt->states->nbState - 1] = NULL; ctxt->states->tabState[ctxt->states->nbState - 1] = NULL;
ctxt->states->nbState--;
} }
} }
for (j = 0; j < ctxt->states->nbState ; j++) { for (j = 0; j < ctxt->states->nbState ; j++) {
@ -9878,8 +9879,8 @@ xmlRelaxNGValidateState(xmlRelaxNGValidCtxtPtr ctxt,
} }
for (i = 0; i < ctxt->states->nbState; i++) { for (i = 0; i < ctxt->states->nbState; i++) {
xmlRelaxNGFreeValidState(ctxt, xmlRelaxNGFreeValidState(ctxt,
ctxt->states-> ctxt->states->tabState[i]);
tabState[i]); ctxt->states->tabState[i] = NULL;
} }
xmlRelaxNGFreeStates(ctxt, ctxt->states); xmlRelaxNGFreeStates(ctxt, ctxt->states);
ctxt->flags = oldflags; ctxt->flags = oldflags;
@ -10001,11 +10002,8 @@ xmlRelaxNGValidateState(xmlRelaxNGValidCtxtPtr ctxt,
} else { } else {
for (j = 0; j < ctxt->states->nbState; j++) { for (j = 0; j < ctxt->states->nbState; j++) {
xmlRelaxNGAddStates(ctxt, res, xmlRelaxNGAddStates(ctxt, res,
xmlRelaxNGCopyValidState(ctxt, xmlRelaxNGCopyValidState(ctxt,
ctxt-> ctxt->states->tabState[j]));
states->
tabState
[j]));
} }
} }
oldflags = ctxt->flags; oldflags = ctxt->flags;
@ -10034,10 +10032,7 @@ xmlRelaxNGValidateState(xmlRelaxNGValidCtxtPtr ctxt,
j++) { j++) {
tmp = tmp =
xmlRelaxNGAddStates(ctxt, res, xmlRelaxNGAddStates(ctxt, res,
ctxt-> ctxt->states->tabState[j]);
states->
tabState
[j]);
if (tmp == 1) if (tmp == 1)
progress = 1; progress = 1;
} }
@ -10071,9 +10066,7 @@ xmlRelaxNGValidateState(xmlRelaxNGValidCtxtPtr ctxt,
} else if (ctxt->states != NULL) { } else if (ctxt->states != NULL) {
for (j = 0; j < ctxt->states->nbState; j++) { for (j = 0; j < ctxt->states->nbState; j++) {
tmp = xmlRelaxNGAddStates(ctxt, res, tmp = xmlRelaxNGAddStates(ctxt, res,
ctxt-> ctxt->states->tabState[j]);
states->
tabState[j]);
if (tmp == 1) if (tmp == 1)
progress = 1; progress = 1;
} }
@ -10111,8 +10104,7 @@ xmlRelaxNGValidateState(xmlRelaxNGValidCtxtPtr ctxt,
for (i = base; i < res->nbState; i++) for (i = base; i < res->nbState; i++)
xmlRelaxNGAddStates(ctxt, states, xmlRelaxNGAddStates(ctxt, states,
xmlRelaxNGCopyValidState xmlRelaxNGCopyValidState
(ctxt, (ctxt, res->tabState[i]));
res->tabState[i]));
ctxt->states = states; ctxt->states = states;
} }
} }
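Review bot: In the xmlRelaxNGValidateFullElement hunk, the call that now frees `ctxt->state` instead of the local `state` has no comment explaining why, and the local stays in scope holding a pointer that may already have been released. Judging from the commit message, validation can replace the state stored in the context, so freeing the local risked a double free or use-after-free. A comment such as `/* free ctxt->state, not the local: validation may have replaced and released the state allocated above */` would keep a later cleanup from reverting the fix. It is also worth confirming that `xmlRelaxNGFreeValidState` tolerates a NULL argument, because nothing visible here guarantees `ctxt->state` is still set when validation fails. The function body starts and ends outside the hunk, so both points should be checked against the full function.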