GNOME/libxml2
1
0
Fork 0
mirror of https://github.com/GNOME/libxml2.git synced 2025-05-08 21:07:54 +08:00
Code Issues Releases Wiki Activity

Add fuzzing asserts to xmlSetTreeDoc()

Browse Source 
* tree.c:
(xmlSetTreeDoc):
- When xmlSetTreeDoc() has to change documents, the calling code
  probably has a bug, so assert when those conditions are hit.
  This is a follow-up to commit 4bc3ebf3.
This commit is contained in:
David Kilzer 2022-03-19 17:17:40 -07:00
parent 4bc3ebf3ea
commit 300e19932f
1 changed files with 12 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
tree.c
View File

@ -18,6 +18,7 @@
#define IN_LIBXML
#include "libxml.h"
#include <assert.h>
#include <string.h> /* for memset() only ! */
#include <stddef.h>
#include <limits.h>
@ -2850,6 +2851,10 @@ xmlSetTreeDoc(xmlNodePtr tree, xmlDocPtr doc) {
xmlRemoveID(tree->doc, prop);
}
#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
if (prop->doc)
assert(xmlDictOwns(prop->doc->dict, prop->name) != 1);
#endif
if (prop->doc != doc) {
xmlDictPtr oldPropDict = prop->doc ? prop->doc->dict : NULL;
prop->name = _copyStringForNewDictIfNeeded(oldPropDict, newDict, prop->name);
@ -2884,6 +2889,13 @@ xmlSetTreeDoc(xmlNodePtr tree, xmlDocPtr doc) {
xmlSetListDoc(tree->children, doc);
}
#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
if (tree->doc) {
assert(xmlDictOwns(tree->doc->dict, tree->name) != 1);
assert(xmlDictOwns(tree->doc->dict, tree->content) != 1);
}
assert(tree->ns == NULL);
#endif
tree->name = _copyStringForNewDictIfNeeded(oldTreeDict, newDict, tree->name);
tree->content = (xmlChar *)_copyStringForNewDictIfNeeded(oldTreeDict, NULL, tree->content);
/* FIXME: tree->ns should be updated as in xmlStaticCopyNode(). */