public inbox for [email protected]
help / color / mirror / Atom feedFrom: Andrey Chernyy <[email protected]>
Subject: [PATCH] xml2: Fix stylesheet document leak in xslt_process()
Date: Fri, 5 Jun 2026 02:43:39 +0300
xslt_process() parses the stylesheet text into an xmlDoc before passing it
to xsltParseStylesheetDoc(). On success, the returned stylesheet owns
that document and frees it through xsltFreeStylesheet().
On failure, libxslt leaves the caller responsible for the xmlDoc, as
shown by its own xsltParseStylesheetFile() wrapper. Keep tracking the
stylesheet document until ownership has been transferred so the error
cleanup path can free it.
---
contrib/xml2/xslt_proc.c | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/contrib/xml2/xslt_proc.c b/contrib/xml2/xslt_proc.c
index 8ceb8c46494..b83d28fe579 100644
--- a/contrib/xml2/xslt_proc.c
+++ b/contrib/xml2/xslt_proc.c
@@ -55,6 +55,7 @@ xslt_process(PG_FUNCTION_ARGS)
PgXmlErrorContext *xmlerrcxt;
volatile xsltStylesheetPtr stylesheet = NULL;
volatile xmlDocPtr doctree = NULL;
+ volatile xmlDocPtr ssdoc = NULL;
volatile xmlDocPtr restree = NULL;
volatile xsltSecurityPrefsPtr xslt_sec_prefs = NULL;
volatile xsltTransformContextPtr xslt_ctxt = NULL;
@@ -78,7 +79,6 @@ xslt_process(PG_FUNCTION_ARGS)
PG_TRY();
{
- xmlDocPtr ssdoc;
bool xslt_sec_prefs_error;
int reslen = 0;
@@ -100,8 +100,13 @@ xslt_process(PG_FUNCTION_ARGS)
xml_ereport(xmlerrcxt, ERROR, ERRCODE_INVALID_XML_DOCUMENT,
"error parsing stylesheet as XML document");
- /* After this call we need not free ssdoc separately */
+ /*
+ * On success, the stylesheet owns ssdoc. On failure, libxslt leaves
+ * the caller responsible for freeing ssdoc.
+ */
stylesheet = xsltParseStylesheetDoc(ssdoc);
+ if (stylesheet != NULL)
+ ssdoc = NULL;
if (stylesheet == NULL || pg_xml_error_occurred(xmlerrcxt))
xml_ereport(xmlerrcxt, ERROR, ERRCODE_INVALID_ARGUMENT_FOR_XQUERY,
@@ -167,6 +172,8 @@ xslt_process(PG_FUNCTION_ARGS)
xsltFreeSecurityPrefs(xslt_sec_prefs);
if (stylesheet != NULL)
xsltFreeStylesheet(stylesheet);
+ if (ssdoc != NULL)
+ xmlFreeDoc(ssdoc);
if (doctree != NULL)
xmlFreeDoc(doctree);
if (resstr != NULL)
--
2.54.0
--MP_/JNWBJ4_fkREZAfM76xZSan6--
view thread (759+ messages) latest in thread
reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Reply to all the recipients using the --to and --cc options:
reply via email
To: [email protected]
Cc: [email protected]
Subject: Re: [PATCH] xml2: Fix stylesheet document leak in xslt_process()
In-Reply-To: <no-message-id-1193915@localhost>
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox