Avoid a heap use after free error

author Chris Evans <cevans@chromium.org>

Mon, 3 Sep 2012 10:16:44 +0000 (18:16 +0800)

committer Daniel Veillard <veillard@redhat.com>

Mon, 3 Sep 2012 10:16:44 +0000 (18:16 +0800)
author Chris Evans <cevans@chromium.org>
Mon, 3 Sep 2012 10:16:44 +0000 (18:16 +0800)
committer Daniel Veillard <veillard@redhat.com>
Mon, 3 Sep 2012 10:16:44 +0000 (18:16 +0800)
diff --git a/libxslt/functions.c b/libxslt/functions.c

index 5a8eb79..fe2f1ca 100644 (file)
--- a/libxslt/functions.c
+++ b/libxslt/functions.c
@@ -660,6 +660,7 @@ xsltFormatNumberFunction(xmlXPathParserContextPtr ctxt, int nargs)
  void
  xsltGenerateIdFunction(xmlXPathParserContextPtr ctxt, int nargs){
      xmlNodePtr cur = NULL;
+    xmlXPathObjectPtr obj = NULL;
      long val;
      xmlChar str[30];
      xmlDocPtr doc;
@@ -667,7 +668,6 @@ xsltGenerateIdFunction(xmlXPathParserContextPtr ctxt, int nargs){
      if (nargs == 0) {
         cur = ctxt->context->node;
      } else if (nargs == 1) {
-       xmlXPathObjectPtr obj;
         xmlNodeSetPtr nodelist;
         int i, ret;
  
@@ -690,7 +690,6 @@ xsltGenerateIdFunction(xmlXPathParserContextPtr ctxt, int nargs){
             if (ret == -1)
                 cur = nodelist->nodeTab[i];
         }
-       xmlXPathFreeObject(obj);
      } else {
         xsltTransformError(xsltXPathGetTransformContext(ctxt), NULL, NULL,
                 "generate-id() : invalid number of args %d\n", nargs);
@@ -713,6 +712,9 @@ xsltGenerateIdFunction(xmlXPathParserContextPtr ctxt, int nargs){
  
      }
  
+    if (obj)
+        xmlXPathFreeObject(obj);
+
      val = (long)((char *)cur - (char *)doc);
      if (val >= 0) {
        sprintf((char *)str, "idp%ld", val);
author	Chris Evans <cevans@chromium.org>
	Mon, 3 Sep 2012 10:16:44 +0000 (18:16 +0800)
committer	Daniel Veillard <veillard@redhat.com>
	Mon, 3 Sep 2012 10:16:44 +0000 (18:16 +0800)