#7 Empty parameter causes segment. fault
The Linux UPnP SDK causes a segmentation fault and
crashs if I pass an empty parameter from Internet
Explorer to the Linux device in this line of code:
---
value2 = SampleUtil_GetFirstDocumentItem(ca_event-
>ActionRequest, "Value")
---
This is the VBScript function that causes the failure:
function SetIapParameter(name,value)
---
Dim inArgs(2)
Dim outArgs(0)
' the next line enabled bypasses the problem
' if value="" then value="n/a"
inArgs(0) = name
inArgs(1) = value
IapConfigService.InvokeAction "SetParameter",
inArgs, outArgs
end function
---
This the output of the device that is derived from the
sample code. You can see that the 'Value' parameter is
incorrectly passed:
---
UPNP_CONTROL_ACTION_REQUEST
ErrCode = 0
ErrStr =
ActionName = SetParameter
UDN = uuid:Upnp-ylezIAP-0.1-1234567890001
ServiceID = urn:upnp-org:serviceId:iapconfig1
ActRequest = <m:SetParameter xmlns:m="urn:schemas-
upnp-org:service:iapconfig:1">
<Name xmlns:dt="urn:schemas-microsoft-com:datatypes"
dt:dt="string">Broadcast<
/Name>
<Value xmlns:dt="urn:schemas-microsoft-
com:datatypes" dt:dt="string"/>
</m:SetParameter>
---
Logged In: YES
user_id=1477005
this can be solved with this patch to ixml/src/ixmplarser.c
2343a2344,2346
> }else { //empty atribute like a="", this is accessed
on other places, so there must be something
> node->nodeValue = malloc(sizeof(char));
> *(node->nodeValue) = '\0';
2345c2348
< // if attribute doesn't have value, like a="", fine
---
>
i checked it with libduma, it creates no memory leaks and
libupnp works like without this.