authorEli Zaretskii <eliz@gnu.org>2016-10-23 16:54:00 +0300
committerEli Zaretskii <eliz@gnu.org>2016-10-23 16:54:00 +0300
commit9afea93ed536fb9110ac62b413604cf4c4302199 (patch)
tree1730d866aa1b10e47e163596a97f69fba907c8f0 /src
parentb8e8e1528829516ccce5ce0be8b97cdce0a86999 (diff)
downloademacs-9afea93ed536fb9110ac62b413604cf4c4302199.tar.gz
Attempt to catch reads from a buffer that is relocated
* src/xml.c (parse_region): Add assertion to ensure buffer text is not relocated while libxml2 is reading it. (Bug#24764)
Diffstat (limited to 'src')
-rw-r--r--src/xml.c11
1 files changed, 9 insertions, 2 deletions
diff --git a/src/xml.c b/src/xml.c
index b1175d14a1a..1ef84bd917e 100644
--- a/src/xml.c
+++ b/src/xml.c
@@ -181,6 +181,7 @@ parse_region (Lisp_Object start, Lisp_Object end, Lisp_Object base_url,
Lisp_Object result = Qnil;
const char *burl = "";
ptrdiff_t istart, iend, istart_byte, iend_byte;
+ unsigned char *buftext;
xmlCheckVersion (LIBXML_VERSION);
@@ -200,18 +201,24 @@ parse_region (Lisp_Object start, Lisp_Object end, Lisp_Object base_url,
burl = SSDATA (base_url);
}
+ buftext = BYTE_POS_ADDR (istart_byte);
if (htmlp)
- doc = htmlReadMemory ((char *) BYTE_POS_ADDR (istart_byte),
+ doc = htmlReadMemory ((char *)buftext,
iend_byte - istart_byte, burl, "utf-8",
HTML_PARSE_RECOVER|HTML_PARSE_NONET|
HTML_PARSE_NOWARNING|HTML_PARSE_NOERROR|
HTML_PARSE_NOBLANKS);
else
- doc = xmlReadMemory ((char *) BYTE_POS_ADDR (istart_byte),
+ doc = xmlReadMemory ((char *)buftext,
iend_byte - istart_byte, burl, "utf-8",
XML_PARSE_NONET|XML_PARSE_NOWARNING|
XML_PARSE_NOBLANKS |XML_PARSE_NOERROR);
+ /* If the assertion below fails, malloc was called inside the above
+ libxml2 functions, and ralloc.c caused relocation of buffer text,
+ so we could have read from unrelated memory. */
+ eassert (buftext == BYTE_POS_ADDR (istart_byte));
+
if (doc != NULL)
{
Lisp_Object r = Qnil;
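Review bot: The `eassert` added after the `htmlReadMemory`/`xmlReadMemory` calls can only report a relocation after libxml2 has already read through `buftext`, and as far as I know `eassert` is compiled out unless Emacs is built with ENABLE_CHECKING, so a normal build would still read stale memory with no signal. If the goal is to prevent the read and not only diagnose it, consider bracketing the two parser calls with `r_alloc_inhibit_buffer_relocation (1);` and `r_alloc_inhibit_buffer_relocation (0);` under `#ifdef REL_ALLOC`, assuming that ralloc.c facility can be used at this point in parse_region. The comment above the assertion could also say that the check is diagnostic only, e.g. `/* Diagnostic only: active in checking builds, and fires after the read has happened. */`. A minor style point: GNU style puts a space after the cast, `(char *) buftext`. parse_region starts and ends outside this hunk.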