Joe Marcus Clarke reported a segfault on FBsd this was due to
* valid.c: Joe Marcus Clarke reported a segfault on FreeBSD;
this was due to uninitialized parts of the validation context
Daniel
diff --git a/valid.c b/valid.c
index df1e6ef..57c42f0 100644
--- a/valid.c
+++ b/valid.c
@@ -4552,9 +4552,9 @@
xmlElementPtr elemDecl, int warn, xmlNodePtr parent) {
int ret = 1;
#ifndef LIBXML_REGEXP_ENABLED
- xmlNodePtr last = NULL;
+ xmlNodePtr repl = NULL, last = NULL, tmp;
#endif
- xmlNodePtr repl = NULL, cur, tmp;
+ xmlNodePtr cur;
xmlElementContentPtr cont;
const xmlChar *name;
@@ -4572,6 +4572,9 @@
} else {
xmlRegExecCtxtPtr exec;
+ ctxt->nodeMax = 0;
+ ctxt->nodeNr = 0;
+ ctxt->nodeTab = NULL;
exec = xmlRegNewExecCtxt(elemDecl->contModel, NULL, NULL);
if (exec != NULL) {
cur = child;
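Review bot: The reset of `ctxt->nodeMax`, `ctxt->nodeNr` and `ctxt->nodeTab` covers only this `else` branch, while the cleanup in the last hunk still tests `ctxt->nodeTab` against NULL (and presumably frees it) outside the `#ifndef` region, so for every build. A caller that hands in a validation context with uninitialised fields could therefore still reach that cleanup with a garbage pointer on any path that does not pass through this branch; the function body is only partly visible here, so this needs checking against the full source. Assigning `NULL` also silently drops any table a caller had already allocated, so the contract is worth stating above the three lines, e.g. `/* node stack is private to this call; reset it because callers may pass an uninitialised context */`. Requiring callers to zero the whole context before use would address the root cause rather than this one symptom.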
@@ -4763,9 +4766,11 @@
expr[0] = 0;
xmlSnprintfElementContent(expr, 5000, cont, 1);
list[0] = 0;
+#ifndef LIBXML_REGEXP_ENABLED
if (repl != NULL)
xmlSnprintfElements(list, 5000, repl, 1);
else
+#endif /* LIBXML_REGEXP_ENABLED */
xmlSnprintfElements(list, 5000, child, 1);
if (name != NULL) {
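Review bot: The unbraced `if`/`else` now straddles the `#ifndef`, so which `xmlSnprintfElements` call survives preprocessing depends on a dangling `else`, and a later edit inside the conditional can easily change the control flow by accident. Selecting the node first (`xmlNodePtr shown = child;`, then `if (repl != NULL) shown = repl;` under the `#ifndef`) and making a single `xmlSnprintfElements(list, 5000, shown, 1);` call keeps one unconditional statement. The literal `5000` is repeated as the bound for both `expr` and `list`, whose declarations are outside the hunk; if they are arrays, `sizeof expr` and `sizeof list` would keep the bound tied to the actual buffer.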
@@ -4798,7 +4803,6 @@
#ifndef LIBXML_REGEXP_ENABLED
done:
-#endif
/*
* Deallocate the copy if done, and free up the validation stack
*/
@@ -4812,6 +4816,7 @@
xmlFree(ctxt->vstateTab);
ctxt->vstateTab = NULL;
}
+#endif
ctxt->nodeMax = 0;
ctxt->nodeNr = 0;
if (ctxt->nodeTab != NULL) {