Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

_CFXMLInterface: account for possible nullptr return #5082

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

_CFXMLInterface: account for possible nullptr return #5082

wants to merge 1 commit into from

Conversation

compnerd
Copy link
Member

@compnerd compnerd commented Sep 6, 2024

xmlSplitQName2 may return nullptr for the result, which when passed to CFStringCreateWithCString would attempt to perform strlen(nullptr) which is ill-defined. When updating libxml2 on Windows, we would perform an invalid memory access due to the strlen invocation inside CFStringCreateWithCString. Protect against this case, returning NULL instead.

@compnerd
Copy link
Member Author

compnerd commented Sep 6, 2024

@swift-ci please test

@compnerd
Copy link
Member Author

compnerd commented Sep 6, 2024

CC: @jmschonfeld

parkera
parkera reviewed Sep 6, 2024
View reviewed changes
Sources/_CFXMLInterface/CFXMLInterface.c Outdated
CFStringRef resultString = __CFSwiftXMLParserBridgeCF.CFStringCreateWithCString(NULL, (const char*)result, kCFStringEncodingUTF8);
CFStringRef resultString = NULL;
if (result) {
__CFSwiftXMLParserBridgeCF.CFStringCreateWithCString(NULL, (const char*)result, kCFStringEncodingUTF8);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nit - inconsistent spacing in the file.

Is xmlFree(NULL) ok to call?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, AFAIK, xmlFree behaves as free, where nullptr as an argument is well defined.

@compnerd
Copy link
Member Author

compnerd commented Sep 9, 2024

@swift-ci please test Windows platform

@compnerd
_CFXMLInterface: account for possible nullptr return
9cae1fa 
`xmlSplitQName2` may return `nullptr` for the result, which when passed
to `CFStringCreateWithCString` would attempt to perform
`strlen(nullptr)` which is ill-defined. When updating libxml2 on
Windows, we would perform an invalid memory access due to the `strlen`
invocation inside `CFStringCreateWithCString`. Protect against this
case, returning `NULL` instead.
@compnerd
Copy link
Member Author

compnerd commented Sep 9, 2024

@swift-ci please test

@compnerd
Copy link
Member Author

@swift-ci please test windows platform

@AZero13
Copy link
Contributor

AZero13 commented Dec 11, 2024

Any update

@compnerd
Copy link
Member Author

Not pushing forward on this for the time being as the motivation behind this was behavioural changes in libxml2 2.13.x which has ABI breakages that are difficult to address.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@parkera parkera parkera approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@compnerd @AZero13 @parkera