[ expat-Bugs-546534 ] Fix for Bug #476929 does not work

noreply@sourceforge.net noreply@sourceforge.net
Sat Apr 20 11:54:03 2002


Bugs item #546534, was opened at 2002-04-20 12:58
You can respond by visiting: 
http://sourceforge.net/tracker/?func=detail&atid=110127&aid=546534&group_id=10127

Category: None
Group: None
Status: Open
Resolution: None
>Priority: 7
Submitted By: Karl Waclawek (kwaclaw)
>Assigned to: Fred L. Drake, Jr. (fdrake)
Summary: Fix for Bug #476929 does not work

Initial Comment:
The patch modification gives me null pointer errors.
The original patch has been modified when the bug was 
closed.

The modified patch looks like this:

<snippet>
  if (elementType->prefix) {
    binding = elementType->prefix->binding;
    if (!binding)
      return XML_ERROR_NONE;
    localPart = tagNamePtr->str;
    while (*localPart++ != XML_T(':'))
      ;
  }
  else if (dtd.defaultPrefix.binding) {
    binding = dtd.defaultPrefix.binding;
    localPart = tagNamePtr->str;
  }
  else
    localPart = NULL;
  if (ns && ns_triplets && binding->prefix->name) {
    for (prefixLen = 0; binding->prefix->name
[prefixLen++];)
      ;
    n += prefixLen;
  }
  else
    return XML_ERROR_NONE;
  tagNamePtr->localPart = localPart;
  tagNamePtr->uriLen = binding->uriLen;
  for (i = 0; localPart[i++];)
    ;
  n = i + binding->uriLen;
  if (n > binding->uriAlloc) {...
</snippet>

The patch code "if (ns && ns_triplets && binding-
>prefix->name) ..."
has no effect, since the value assigned to n will be 
discarded by
the later assignment n = i + binding->uriLen;
It also seems that it is possible that the loop "for 
(i = 0; localPart[i++];)"
will be executed against a NULLed localpart. This may 
be the error,
but I haven't run it through the debugger yet, since 
debugging a VC++ DLL
that is used by a non-C++ program requires some effort.

The original patch looks like this:

<snippet>
  if (elementType->prefix) {
    binding = elementType->prefix->binding;
    if (!binding)
      return XML_ERROR_NONE;
    localPart = tagNamePtr->str;
    while (*localPart++ != XML_T(':'))
      ;
  }
  else if (dtd.defaultPrefix.binding) {
    binding = dtd.defaultPrefix.binding;
    localPart = tagNamePtr->str;
  }
  else
    return XML_ERROR_NONE;
  tagNamePtr->localPart = localPart;
  tagNamePtr->uriLen = binding->uriLen;
  for (i = 0; localPart[i++];)
    ;
  n = i + binding->uriLen;
  //kw1 - added the following 5 lines for NS_Triplets 
handling
  if (ns && ns_triplets && binding->prefix->name) {
    for (prefixLen = 0; binding->prefix->name
[prefixLen++];)
      ;
    n += prefixLen;
  }
  if (n > binding->uriAlloc) { ...
</snippet>

I think the problem revolves around: Why does the new 
code
continue on where the old code returns - see return 
XML_ERROR_NONE;



----------------------------------------------------------------------

You can respond by visiting: 
http://sourceforge.net/tracker/?func=detail&atid=110127&aid=546534&group_id=10127