reassign 293592 libxml2
retitle 293592 libxml2: setting an namespaced attribute should be limited to
element nodes.
tag 293592 + patch
thanks
On Fri, Feb 04, 2005 at 05:02:38PM +0100, Vincent Lefevre <[EMAIL PROTECTED]>
wrote:
> Package: libxslt1.1
> Version: 1.1.8-5
> Severity: normal
>
> This XSL stylesheet is buggy, but in any case, xsltproc shouldn't
> segfault.
>
> <?xml version="1.0"?>
> <xsl:stylesheet version="1.0"
> xmlns:xsl="http://www.w3.org/1999/XSL/Transform";>
> <xsl:template match="/">
> <xsl:attribute name="xml:lang">
> <xsl:value-of select="'en'"/>
> </xsl:attribute>
> </xsl:template>
> </xsl:stylesheet>
>
> dixsept:~> xsltproc test.xsl test.xsl
> zsh: segmentation fault (core dumped) xsltproc test.xsl test.xsl
The issue comes from the function xmlSetNsProp in libxml2 which doesn't
check if the node we're trying to put an attribute on is an element
node. In the case of this stylesheet, since there's no element node
pushed before pushing the attribute, the attribute is applied to the
document node, thus putting the property node in place of a DTD node,
which, at free() time, provoques the segmentation fault.
See attached patch for a fix.
Mike
Index: tree.c
===================================================================
--- tree.c (リビジョン 349)
+++ tree.c (作業コピー)
@@ -6438,7 +6438,7 @@
const xmlChar *value) {
xmlAttrPtr prop;
- if ((node == NULL) || (name == NULL))
+ if ((node == NULL) || (name == NULL) || (node->type != XML_ELEMENT_NODE))
return(NULL);
if (ns == NULL)
