#138 Fix for Bug #476929 does not work

closed-works-for-me
None
7
2002-04-23
2002-04-20
No

The patch modification gives me null pointer errors.
The original patch has been modified when the bug was
closed.

The modified patch looks like this:

<snippet>
if (elementType->prefix) {
  binding = elementType->prefix->binding;
  if (!binding)
    return XML_ERROR_NONE;
  localPart = tagNamePtr->str;
  while (*localPart++ != XML_T(':'))
    ;
}
else if (dtd.defaultPrefix.binding) {
  binding = dtd.defaultPrefix.binding;
  localPart = tagNamePtr->str;
}
else
  localPart = NULL;
if (ns && ns_triplets && binding->prefix->name) {
  for (prefixLen = 0; binding->prefix->name[prefixLen++];)
    ;
  n += prefixLen;
}
else
  return XML_ERROR_NONE;
tagNamePtr->localPart = localPart;
tagNamePtr->uriLen = binding->uriLen;
for (i = 0; localPart[i++];)
  ;
n = i + binding->uriLen;
if (n > binding->uriAlloc) {...
</snippet>

The patch code "if (ns && ns_triplets && binding->prefix->name) ..."
has no effect, since the value assigned to n will be discarded by
the later assignment n = i + binding->uriLen;
It also seems that it is possible that the loop "for (i = 0; localPart[i++];)"
will be executed against a NULLed localpart. This may be the error,
but I haven't run it through the debugger yet, since debugging a VC++ DLL
that is used by a non-C++ program requires some effort.

The original patch looks like this:

<snippet>
if (elementType->prefix) {
  binding = elementType->prefix->binding;
  if (!binding)
    return XML_ERROR_NONE;
  localPart = tagNamePtr->str;
  while (*localPart++ != XML_T(':'))
    ;
}
else if (dtd.defaultPrefix.binding) {
  binding = dtd.defaultPrefix.binding;
  localPart = tagNamePtr->str;
}
else
  return XML_ERROR_NONE;
tagNamePtr->localPart = localPart;
tagNamePtr->uriLen = binding->uriLen;
for (i = 0; localPart[i++];)
  ;
n = i + binding->uriLen;
//kw1 - added the following 5 lines for NS_Triplets handling
if (ns && ns_triplets && binding->prefix->name) {
  for (prefixLen = 0; binding->prefix->name[prefixLen++];)
    ;
  n += prefixLen;
}
if (n > binding->uriAlloc) { ...
</snippet>

I think the problem revolves around: Why does the new code
continue on where the old code returns - see return XML_ERROR_NONE;
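
An added example, not part of the original report or expat's source: a simplified C model of the length calculation in the order the original patch used, returning early when there is no binding and adding the prefix length only after n is assigned. The struct shapes, the name expanded_name_len, the return codes and the missing-colon check are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Simplified stand-ins for expat's internal types (assumed shapes, not the real ones). */
typedef struct prefix PREFIX;
typedef struct binding { PREFIX *prefix; int uriLen; } BINDING;
struct prefix { const char *name; BINDING *binding; };

enum { NO_BINDING = 0, HAVE_LENGTH = 1 };

/* Computes the length n needed for "uri + localPart (+ prefix)".
   Every pointer is checked before it is dereferenced. */
int expanded_name_len(const char *tagName, const PREFIX *elemPrefix,
                      const BINDING *defaultBinding, int ns_triplets, int *n)
{
    const BINDING *binding;
    const char *localPart = tagName;
    const char *colon;
    int i, prefixLen;

    if (elemPrefix) {
        binding = elemPrefix->binding;
        if (!binding)
            return NO_BINDING;
        /* Skip past "prefix:"; unlike the snippet's while loop, stop if no colon exists. */
        colon = strchr(tagName, ':');
        if (!colon)
            return NO_BINDING;
        localPart = colon + 1;
    } else if (defaultBinding) {
        binding = defaultBinding;
    } else {
        return NO_BINDING;  /* early return: binding and localPart are never used unset */
    }

    for (i = 0; localPart[i++];)
        ;                   /* i ends as strlen(localPart) + 1 */
    *n = i + binding->uriLen;

    /* Prefix length is added after n is assigned, so it is not overwritten. */
    if (ns_triplets && binding->prefix && binding->prefix->name) {
        for (prefixLen = 0; binding->prefix->name[prefixLen++];)
            ;
        *n += prefixLen;
    }
    return HAVE_LENGTH;
}
```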

Discussion

  • Fred L. Drake, Jr.

    • priority: 5 --> 7
    • assigned_to: nobody --> fdrake
     
  • Karl Waclawek

    Karl Waclawek - 2002-04-23

    Logged In: YES
    user_id=290026

    Fixed with expat.h rev. 1.16, xmlparse.c rev. 1.28.

     
  • Karl Waclawek

    Karl Waclawek - 2002-04-23
    • status: open --> closed-works-for-me
     
