Re: BUG #3860: xpath crashes backend when is querying xmlagg result

Tom Lane escribió:

> One thing I was wondering about earlier today is whether libxml isn't
> expecting NULL-return-on-failure from the malloc-substitute routine.
> If we take control away from it unexpectedly, I wouldn't be a bit
> surprised if its data structures are left corrupt. This might lead to
> failures during cleanup.

Hmm, this is a very good point. I quick look at the source shows that
they are not very consistent on its own checking for memory allocation
errors. For example, see a bug I just reported:

http://bugzilla.gnome.org/show_bug.cgi?id=508662

The problem is that many routines look like this:

xmlXPathNewNodeSet(xmlNodePtr val) {
xmlXPathObjectPtr ret;

ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
if (ret == NULL) {
xmlXPathErrMemory(NULL, "creating nodeset\n");
return(NULL);
}

and others would call this code and then happily use the return value
without checking for null.

--
Alvaro Herrera http://www.CommandPrompt.com/
PostgreSQL Replication, Consulting, Custom Development, 24x7 support