tags 310621 -unreproducible
tags 310621 +patch
thanks

Ian Eure already submitted a test case, and I got a segfault as well.
If you install the debugging symbols for libwbxml2 and run xml2wbxml in gdb, you can see it crashes on line 1878 of wbxml_encoder.c, because encoder->current_attr is NULL. wbxml_encode_value_element_buffer is buggy, because it tries to dereference pointers of which it just assumes they are not NULL. I don't know how the encoder works, but I guess current_attr MUST be checked for NULL-ness before using it.

It's also recommended to check all of wbxml_encoder.c for this kind of bug; are we sure that encoder->lang and friends are never NULL?

And IMHO, a parsing library (like libwbxml2) should be as robust as possible, and return an error instead of choking on its own bad pointers. It's not "just annoying", it makes applications of the library unreliable.

Sincerely,
Stijn van Drongelen
--- wbxml2-0.9.2/src/wbxml_encoder.orig.c 2008-01-20 01:25:46.000000000 +0100 +++ wbxml2-0.9.2/src/wbxml_encoder.c 2008-01-20 01:26:25.000000000 +0100 @@ -1875,6 +1875,9 @@ #if defined( WBXML_SUPPORT_SI ) case WBXML_LANG_SI10: /* SI 1.0: Encode date for 'created' and 'si-expires' attributes */ + if (encoder->current_attr == NULL) + break; + if ((encoder->current_attr->wbxmlCodePage == 0x00) && ((encoder->current_attr->wbxmlToken == 0x0a) || (encoder->current_attr->wbxmlToken == 0x10))) { @@ -1886,6 +1889,9 @@ #if defined( WBXML_SUPPORT_EMN ) case WBXML_LANG_EMN10: /* EMN 1.0: Encode date for 'timestamp' attribute */ + if (encoder->current_attr == NULL) + break; + if ((encoder->current_attr->wbxmlCodePage == 0x00) && (encoder->current_attr->wbxmlToken == 0x05)) { return wbxml_encode_datetime(encoder, buffer);
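Review bot: In the WBXML_LANG_SI10 case the new guard uses break when encoder->current_attr is NULL, so the function leaves the switch and carries on as if nothing were wrong, and the caller gets no indication that the encoder was in an unexpected state. The accompanying report argues that the library should return an error in this situation, so consider returning an error status at this point instead of break, or add a comment saying why continuing past the switch is safe when there is no current attribute. The code that runs after the switch is not visible in this hunk and should be checked for its own use of current_attr.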
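Review bot: The guard in the WBXML_LANG_EMN10 case is a copy of the one added to the SI10 case, so any other case that reads encoder->current_attr->wbxmlCodePage has to repeat the same lines by hand. A single check of encoder->current_attr placed before the switch would cover both cases and any added later. The new lines also sit between the "EMN 1.0: Encode date for 'timestamp' attribute" comment and the condition it describes; putting the guard above the comment keeps the comment attached to its test.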