From: cca5507 <[email protected]>
To: Michael Paquier <[email protected]>
To: Jim Jones <[email protected]>
Cc: Tom Lane <[email protected]>
Cc: pgsql-bugs <[email protected]>
Cc: maralist86 <[email protected]>
Subject: Re: BUG #18943: Return value of a function 'xmlBufferCreate' is dereferenced at xpath.c:177 without checking for NUL
Date: Sun, 8 Mar 2026 23:05:32 +0800

> It seems that there are 2 misuses of "volatile" in xml.c:
>
> 1) xmltext()
>
> volatile xmlChar *xmlbuf = NULL; // -> xmlChar *volatile xmlbuf = NULL;
>
> 2) xml_xmlnodetoxmltype()
>
> volatile xmlChar *str = NULL; // -> xmlChar *volatile str = NULL;
>
> We want the pointer itself to be volatile rather than what it points to.

Attached is a small patch.
--
Regards,
ChangAo Chen
Attachments:
[application/octet-stream] Fix-misuse-of-volatile.patch (1.3K, 2-Fix-misuse-of-volatile.patch)
diff --git a/src/backend/utils/adt/xml.c b/src/backend/utils/adt/xml.c
index 2c8d5a81b75..dd3270a0782 100644
--- a/src/backend/utils/adt/xml.c
+++ b/src/backend/utils/adt/xml.c
@@ -529,7 +529,7 @@ xmltext(PG_FUNCTION_ARGS)
#ifdef USE_LIBXML
text *arg = PG_GETARG_TEXT_PP(0);
text *result;
- volatile xmlChar *xmlbuf = NULL;
+ xmlChar *volatile xmlbuf = NULL;
PgXmlErrorContext *xmlerrcxt;
/* First we gotta spin up some error handling. */
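Review bot: The new declaration "xmlChar *volatile xmlbuf = NULL;" should carry a short comment saying why the qualifier sits on the pointer. xmlbuf is read in the PG_CATCH block further down, so it is the pointer value, not the bytes it points to, that has to stay well defined after an error jumps out of the try block. Without a comment, the less common "T *volatile" spelling is easy for a later cleanup to turn back into "volatile T *".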
@@ -544,19 +544,19 @@ xmltext(PG_FUNCTION_ARGS)
"could not allocate xmlChar");
result = cstring_to_text_with_len((const char *) xmlbuf,
- xmlStrlen((const xmlChar *) xmlbuf));
+ xmlStrlen(xmlbuf));
}
PG_CATCH();
{
if (xmlbuf)
- xmlFree((xmlChar *) xmlbuf);
+ xmlFree(xmlbuf);
pg_xml_done(xmlerrcxt, true);
PG_RE_THROW();
}
PG_END_TRY();
- xmlFree((xmlChar *) xmlbuf);
+ xmlFree(xmlbuf);
pg_xml_done(xmlerrcxt, false);
PG_RETURN_XML_P(result);
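Review bot: The patch has no commit message, and the cast removals at xmlStrlen(xmlbuf) and the two xmlFree(xmlbuf) calls are the part that most needs one. A sentence noting that those casts were only there to strip the misplaced qualifier from the pointee, while the remaining (const char *) cast in the cstring_to_text_with_len() call converts xmlChar to char and is intentionally kept, would save the committer from re-deriving it.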
@@ -4247,7 +4247,7 @@ xml_xmlnodetoxmltype(xmlNodePtr cur, PgXmlErrorContext *xmlerrcxt)
}
else
{
- volatile xmlChar *str = NULL;
+ xmlChar *volatile str = NULL;
PG_TRY();
{
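Review bot: With str here and xmlbuf in xmltext() covered, the patch should say whether these are the only two locals of this form. The diff touches only src/backend/utils/adt/xml.c, while the thread subject refers to xpath.c, so a search for other "volatile xmlChar *" declarations that are set inside PG_TRY would be worth doing and mentioning in the submission.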
@@ -4267,7 +4267,7 @@ xml_xmlnodetoxmltype(xmlNodePtr cur, PgXmlErrorContext *xmlerrcxt)
PG_FINALLY();
{
if (str)
- xmlFree((xmlChar *) str);
+ xmlFree(str);
}
PG_END_TRY();
}
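
The pointer-versus-pointee distinction from the message above, as an added stand-alone C example (not PostgreSQL code and not part of the patch). Plain setjmp/longjmp stand in for PG_TRY/PG_CATCH, and the names recover, do_work and run_with_cleanup are hypothetical.

```c
#include <setjmp.h>
#include <stdlib.h>
#include <string.h>

static jmp_buf recover;     /* hypothetical stand-in for the PG_TRY jump buffer */

/* Hypothetical worker: fails by jumping back to the setjmp() site. */
static void
do_work(int fail)
{
    if (fail)
        longjmp(recover, 1);
}

/*
 * Returns 0 if the normal path freed the buffer, 1 if the error path saw
 * the pointer and freed it, 2 if the error path saw NULL (a leak), and
 * -1 if the allocation itself failed.
 */
int
run_with_cleanup(int fail)
{
    /*
     * The pointer is assigned after setjmp() and read after longjmp(), so
     * the pointer object must be volatile for its value to be determinate
     * in the handler.  "volatile char *buf" would qualify the bytes and
     * leave the pointer unprotected.
     */
    char *volatile buf = NULL;

    if (setjmp(recover) == 0)
    {
        buf = malloc(16);           /* modified between setjmp and longjmp */
        if (buf == NULL)
            return -1;
        strcpy(buf, "payload");
        do_work(fail);              /* may not return here */
        free(buf);                  /* no cast needed: pointee is unqualified */
        return 0;
    }

    /* Error path, reached via longjmp(): the role PG_CATCH plays. */
    if (buf == NULL)
        return 2;
    free(buf);
    return 1;
}

int
main(void)
{
    return (run_with_cleanup(0) == 0 && run_with_cleanup(1) == 1) ? 0 : 1;
}
```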