Hi,
I use mpatrol to find memory problems such as memory leaks or double frees.
I found that libexpat tries to do a memcpy from a null pointer at
expat-lite/xmlparse.c:3249, because pool->start is null (in fact all
members of pool are set to zero).
The first patch corrects the memcpy with a NULL source pointer.
The second and third patches correct a free on a NULL pointer.
Luc
--- expat-lite/xmlparse.c.orig Wed Mar 13 21:36:11 2002
+++ expat-lite/xmlparse.c Wed Mar 13 21:32:56 2002
@@ -3246,7 +3246,8 @@
tem->size = blockSize;
tem->next = pool->blocks;
pool->blocks = tem;
- memcpy(tem->s, pool->start, (pool->ptr - pool->start) * sizeof(XML_Char));
+ if (pool->start)
+ memcpy(tem->s, pool->start, (pool->ptr - pool->start) * sizeof(XML_Char));
pool->ptr = tem->s + (pool->ptr - pool->start);
pool->start = tem->s;
pool->end = tem->s + blockSize;
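Review bot: The new `if (pool->start)` guard covers only the memcpy; the next line, `pool->ptr = tem->s + (pool->ptr - pool->start);`, still subtracts the two pool pointers when they are NULL, and ISO C leaves that undefined just as it does a memcpy from a null source. Computing the used length once puts both uses behind the same check: `size_t used = pool->start ? (size_t)(pool->ptr - pool->start) : 0;`, then `if (used) memcpy(tem->s, pool->start, used * sizeof(XML_Char));` and `pool->ptr = tem->s + used;`. A comment such as `/* empty pool: start == NULL, and memcpy from NULL is undefined even with length 0 */` would record why the guard exists. The enclosing function starts and ends outside the hunk, so the assumption that pool->ptr is NULL whenever pool->start is NULL rests on the description rather than on visible code.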
--- expat-lite/hashtable.c.orig Wed Mar 13 21:41:06 2002
+++ expat-lite/hashtable.c Wed Mar 13 21:41:17 2002
@@ -122,7 +122,8 @@
if (p)
free(p);
}
- free(table->v);
+ if (table->v)
+ free(table->v);
}
void hashTableInit(HASH_TABLE *p)
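Review bot: The added `if (table->v)` guard does not change behaviour on a conforming C library, because `free(NULL)` is defined to do nothing; the same applies to the guards on groupConnector, buffer and unknownEncodingMem in the second xmlparse.c hunk. If the guards are kept for a pre-ANSI libc or to quiet the mpatrol report, a comment such as `/* free(NULL) is a no-op in ANSI C; guard kept for older libcs */` would say so. That hunk also leaves `free((void *)atts)`, `free(dataBuf)` and `free(parser)` unguarded, so the convention is applied unevenly. None of these guards protects against a double free: that would need the pointer cleared after the call, e.g. `table->v = NULL;`, if the structure can be destroyed twice, which the hunk does not show. The destroy function's beginning is outside the hunk.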
--- expat-lite/xmlparse.c.orig Wed Mar 13 21:45:04 2002
+++ expat-lite/xmlparse.c Wed Mar 13 21:47:47 2002
@@ -615,10 +615,13 @@
poolDestroy(&temp2Pool);
dtdDestroy(&dtd);
free((void *)atts);
- free(groupConnector);
- free(buffer);
+ if (groupConnector)
+ free(groupConnector);
+ if (buffer)
+ free(buffer);
free(dataBuf);
- free(unknownEncodingMem);
+ if (unknownEncodingMem)
+ free(unknownEncodingMem);
if (unknownEncodingRelease)
unknownEncodingRelease(unknownEncodingData);
free(parser);
Received on Thu Mar 14 09:26:46 2002