[ expat-Bugs-549014 ] May cause memory error in dtdCopy.

noreply@sourceforge.net
Fri May 3 11:58:02 2002


Bugs item #549014, was opened at 2002-04-26 06:51
You can respond by visiting: 
http://sourceforge.net/tracker/?func=detail&atid=110127&aid=549014&group_id=10127

Category: None
Group: None
Status: Open
Resolution: None
Priority: 6
Submitted By: Jun Huang (huangjun_se)
Assigned to: Nobody/Anonymous (nobody)
Summary: May cause memory error in dtdCopy.

Initial Comment:
This problem may not be a bug. If not, I want somebody to
tell me how to use XML_ExternalEntityParserCreate
and XML_ParserFree. Thank you.

In function "dtdCopy", there is a comment "/* Don't want
deep copying for scaffolding */". I don't understand
its meaning. But the following code sets
oldDtd->scaffIndex to newDtd->scaffIndex. I found it may
cause a memory error.
If a parentParser has allocated the memory pointed to by
scaffIndex, and I use XML_ExternalEntityParserCreate to
create a subParser, the subParser will get the
scaffIndex of the parentParser. And then when I call
XML_ParserFree to free the subParser, it will free the
memory pointed to by scaffIndex of the subParser. But the
scaffIndex of the parentParser still points to the freed
memory. Then if the following code visits the memory
pointed to by the scaffIndex, it will cause a memory error.



----------------------------------------------------------------------

>Comment By: Karl Waclawek (kwaclaw)
Date: 2002-05-03 14:57

Message:

Looking closer at the code: dtdCopy will only be called
for a child parser, if the entity is a general entity,
not a parameter entity. dtd.scaffold will only be used
when the parser is processing the external or internal
subset, which always happens *before* any general external
entity is processed. So, by planning (or coincidence <g>) 
dtd.scaffold will not get used after being freed as 
described.

However, we still have a dangling pointer, which should
be set to null.

Karl

----------------------------------------------------------------------

Comment By: Karl Waclawek (kwaclaw)
Date: 2002-05-03 12:37

Message:

It seems your observation is correct.
This can cause memory errors.
I am just curious why I haven't seen them yet.

Karl

----------------------------------------------------------------------
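
A minimal C model of the pointer aliasing discussed in this thread, added here as an illustration; it is not expat's code. Only the field name scaffIndex comes from the report; ToyDtd, ToyParser, copy_shallow, copy_no_alias, child_create and parser_free are hypothetical names, and the no-alias copy is one possible way to avoid the shared pointer, not necessarily the change expat adopted.

```c
#include <stdlib.h>

/* Toy model (assumption): only the field named in the report is kept. */
typedef struct { int *scaffIndex; } ToyDtd;
typedef struct { ToyDtd dtd; } ToyParser;
typedef void (*CopyFn)(ToyDtd *newDtd, const ToyDtd *oldDtd);

/* Pattern from the report: the child receives the parent's pointer. */
static void copy_shallow(ToyDtd *newDtd, const ToyDtd *oldDtd) {
    newDtd->scaffIndex = oldDtd->scaffIndex;  /* one buffer, two owners */
}

/* Hardened variant (assumption): the child never inherits the buffer. */
static void copy_no_alias(ToyDtd *newDtd, const ToyDtd *oldDtd) {
    (void)oldDtd;
    newDtd->scaffIndex = NULL;
}

static ToyParser *child_create(const ToyParser *parent, CopyFn copy) {
    ToyParser *child = calloc(1, sizeof *child);
    if (child) copy(&child->dtd, &parent->dtd);
    return child;
}

static void parser_free(ToyParser *p) {
    if (p) { free(p->dtd.scaffIndex); free(p); }  /* free(NULL) is a no-op */
}

/* Returns 1 if a freshly created child shares the parent's buffer. */
int child_aliases_parent(CopyFn copy) {
    ToyParser parent = { { calloc(4, sizeof(int)) } };
    ToyParser *child = child_create(&parent, copy);
    int *p = child ? child->dtd.scaffIndex : NULL;
    int aliased = p != NULL && p == parent.dtd.scaffIndex;
    if (child) child->dtd.scaffIndex = NULL;  /* detach: demo frees once */
    parser_free(child);  /* without the detach, the parent would dangle */
    free(parent.dtd.scaffIndex);
    return aliased;
}

/* Hardened path end to end: parent data survives freeing the child. */
int parent_value_after_child_free(void) {
    ToyParser parent = { { calloc(4, sizeof(int)) } };
    if (!parent.dtd.scaffIndex) return -1;
    parent.dtd.scaffIndex[0] = 42;
    parser_free(child_create(&parent, copy_no_alias));
    int v = parent.dtd.scaffIndex[0];  /* still valid memory */
    free(parent.dtd.scaffIndex);
    return v;
}
```
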
