
BUG #6044: Access violation on XML decl with standalone

From: "Christopher Dillard" <csdillard(at)gmail(dot)com>
To: pgsql-bugs(at)postgresql(dot)org
Subject: BUG #6044: Access violation on XML decl with standalone
Date: 2011-05-27 20:02:04
Lists: pgsql-bugs
The following bug has been logged online:

Bug reference:      6044
Logged by:          Christopher Dillard
Email address:      csdillard(at)gmail(dot)com
PostgreSQL version: 8.4.8
Operating system:   Windows
Description:        Access violation on XML decl with standalone


In PostgreSQL 8.4.8, the function "xml_recv" (in
src/backend/utils/adt/xml.c) calls the function "parse_xml_decl", passing
NULL for the final "standalone" parameter.  However, "parse_xml_decl" does
not check for standalone==NULL, and blindly sets "*standalone = 0".  This
causes a crash if the xml declaration actually has a standalone parameter,
e.g. '<?xml version="1.0" standalone="no"?><anything/>'.

I wish I could provide a SQL test case, but I only found this by setting a
breakpoint on the 0xC0000005 exception in Visual Studio.  (And it was
closed-source third party software that was interacting with PostgreSQL when
the crash occurred, so I can't attack it from that angle.)

I speculate that the source code in question has something to do with
binding XML parameters to prepared statements or function arguments, but
since that's the first time I'd looked at the PostgreSQL source code, I
couldn't say anything for sure.

Am I interpreting this right?  Can someone more knowledgeable provide a SQL
test case?
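
The defect class described in the report above (an optional out-parameter written without a NULL check), shown in its guarded form as an added example. This is not PostgreSQL's code: `parse_decl`, `set_opt` and `find_attr` are hypothetical names, and the declaration grammar is simplified (no whitespace around `=`, no encoding attribute).

```c
#include <stddef.h>
#include <string.h>

enum { DECL_OK = 0, DECL_BAD = -1 };

/* Write through an optional out-parameter only if the caller supplied one. */
static void set_opt(int *out, int value) { if (out != NULL) *out = value; }

/* Find name="value" (or single-quoted) in [p, end); p[-1] must be readable. */
static const char *find_attr(const char *p, const char *end,
                             const char *name, size_t *len)
{
    size_t n = strlen(name);
    for (; (size_t)(end - p) > n + 2; p++) {
        if (p[-1] == ' ' && memcmp(p, name, n) == 0 && p[n] == '=' &&
            (p[n + 1] == '"' || p[n + 1] == '\'')) {
            const char *v = p + n + 2;
            const char *q = memchr(v, p[n + 1], (size_t)(end - v));
            if (q == NULL) return NULL;
            *len = (size_t)(q - v);
            return v;
        }
    }
    return NULL;
}

/* standalone: 1 = "yes", 0 = "no", -1 = not declared. Both out-params may be NULL. */
int parse_decl(const char *s, int *standalone, size_t *decl_len)
{
    const char *end, *v;
    size_t len;

    set_opt(standalone, -1);              /* guarded, never a bare *standalone = ... */
    if (decl_len != NULL) *decl_len = 0;
    if (strncmp(s, "<?xml ", 6) != 0) return DECL_OK;   /* no declaration */
    if ((end = strstr(s, "?>")) == NULL) return DECL_BAD;
    if (find_attr(s + 6, end, "version", &len) == NULL) return DECL_BAD;
    if ((v = find_attr(s + 6, end, "standalone", &len)) != NULL) {
        if (len == 3 && memcmp(v, "yes", 3) == 0) set_opt(standalone, 1);
        else if (len == 2 && memcmp(v, "no", 2) == 0) set_opt(standalone, 0);
        else return DECL_BAD;
    }
    if (decl_len != NULL) *decl_len = (size_t)(end + 2 - s);
    return DECL_OK;
}
```

Routing every store through `set_opt` means a caller that passes NULL for `standalone` gets the declaration validated and skipped without any write through the pointer.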


