author | Gaurav <g.gupta@samsung.com> | 2013-09-11 14:59:06 +0800 |
---|---|---|
committer | Daniel Veillard <veillard@redhat.com> | 2013-09-11 14:59:06 +0800 |
commit | 2671b013d88b381d8a9139ef85381234aafc5ce0 (patch) | |
tree | b3388abc86a3bd42c28459227d19243328249f14 /xmlregexp.c | |
parent | 2205ff4b0d4a70ed986f28b27c4a2037f6f0af1f (diff) | |
Fix potential NULL pointer dereferences in regexp code
https://bugzilla.gnome.org/show_bug.cgi?id=707749
Fix 3 cases where we might dereference NULL
Diffstat (limited to 'xmlregexp.c')
-rw-r--r-- | xmlregexp.c | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/xmlregexp.c b/xmlregexp.c
index 1f9911c7..8e63d74a 100644
--- a/xmlregexp.c
+++ b/xmlregexp.c
@@ -3162,8 +3162,10 @@ xmlFARegExecRollBack(xmlRegExecCtxtPtr exec) {
 exec->status = -6;
 return;
 }
- memcpy(exec->counts, exec->rollbacks[exec->nbRollbacks].counts,
+ if (exec->counts) {
+ memcpy(exec->counts, exec->rollbacks[exec->nbRollbacks].counts,
 exec->comp->nbCounters * sizeof(int));
+ }
 }
 
 #ifdef DEBUG_REGEXP_EXEC
@@ -4091,7 +4093,7 @@ rollback:
 */
 exec->determinist = 0;
 xmlFARegExecRollBack(exec);
- if (exec->status == 0) {
+ if ((exec->inputStack != NULL ) && (exec->status == 0)) {
 value = exec->inputStack[exec->index].value;
 data = exec->inputStack[exec->index].data;
 #ifdef DEBUG_PUSH
@@ -4306,7 +4308,7 @@ xmlRegExecGetValues(xmlRegExecCtxtPtr exec, int err,
 (*nbval)++;
 }
 } else {
- if ((exec->comp->states[trans->to] != NULL) &&
+ if ((exec->comp != NULL) && (exec->comp->states[trans->to] != NULL) &&
 (exec->comp->states[trans->to]->type !=
 XML_REGEXP_SINK_STATE)) {
 if (atom->neg) |
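Review bot: When `exec->counts` is NULL, the new guard in xmlFARegExecRollBack skips the memcpy and leaves `exec->status` untouched, so the caller cannot tell that the counters were never restored. The branch just above reports a failed state with `exec->status = -6`; if a NULL `exec->counts` here is likewise an inconsistent state (probably an earlier allocation failure, though that is not visible in the hunk), the guard should report it too, e.g. `} else { exec->status = -6; }`. A comment such as `/* counts can be NULL if its allocation failed */` would record why the check exists. The function body starts outside the hunk.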
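Review bot: With `exec->inputStack == NULL` and `exec->status == 0`, the new condition after `xmlFARegExecRollBack(exec)` skips the reload, so `value` and `data` keep what they held before the rollback while the status still reads as success. The code that consumes them lies outside the hunk, so either confirm that stale values cannot be matched against the rolled-back state or set an error status on that path. `exec->index` is also used as an index with no bound check visible here. As a style point, the condition has a stray space in `NULL )`; it should read `if ((exec->inputStack != NULL) && (exec->status == 0)) {`.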
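Review bot: The added `exec->comp != NULL` test in xmlRegExecGetValues protects only this one condition, while `exec->comp->states` itself and the index `trans->to` are still used unchecked on the same line. The rest of the function is outside the hunk, so it cannot be seen whether `exec->comp` is dereferenced earlier or `trans->to` is range-checked; if `exec->comp` is dereferenced earlier, the NULL check belongs once at the top of the function instead. The new line also runs well past 80 columns; putting `if ((exec->comp != NULL) &&` on its own line, with the `states[trans->to]` test on the next, would keep it readable.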