| From: | Michael Paquier <michael(at)paquier(dot)xyz> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Robin Haberkorn <haberkorn(at)b1-systems(dot)de>, Jim Jones <jim(dot)jones(at)uni-muenster(dot)de>, pgsql-bugs(at)lists(dot)postgresql(dot)org, maralist86(at)mail(dot)ru |
| Subject: | Re: BUG #18943: Return value of a function 'xmlBufferCreate' is dereferenced at xpath.c:177 without checking for NUL |
| Date: | 2025-07-09 00:45:07 |
| Message-ID: | aG27k8a2y9fvak40@paquier.xyz |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
On Tue, Jul 08, 2025 at 09:36:37AM -0400, Tom Lane wrote:
> The comment in xml_errorHandler() argues
Yep.
> So switching to _ALL (or even _WELL_FORMED) mode would result in
> nontrivial differences in the behavior of xpath.c's functions with
> bad input. Maybe that's a reasonable thing to do, but it's a
> question of user-visible behavior not just code cleanliness.
Yes, I don't see a huge advantage in doing the switch for this module.
If the gain in information in the error states grabbed from libxml2
makes it a win, that may be a different argument (I am fine to be
proved wrong), but I cannot get excited about that without more
data to claim it so.
I have quickly tested the change, and the xpath_string() path was one
area that immediately stood out, and we may report an incorrect error.
--
Michael
| From | Date | Subject | |
|---|---|---|---|
| Next Message | suyu.cmj | 2025-07-09 01:57:08 | Re: The same 2PC data maybe recovered twice |
| Previous Message | Jeff Davis | 2025-07-08 17:48:43 | Re: BUG #18965: Issue with Short-Circuit Evaluation in Boolean Expressions |