kenmirrors/freeswitch
1
0
Fork 0
mirror of https://github.com/signalwire/freeswitch.git synced 2025-05-10 17:43:59 +00:00
Code Issues Projects Releases Wiki Activity

[Core] scan-build: fix false-positive use-after-free in switch_xml_internal_dtd()

Browse Source
This commit is contained in:
Andrey Volk 2021-04-25 04:12:50 +03:00
parent d6884d6871
commit b59c28bdbd
1 changed files with 5 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
src/switch_xml.c
View File

@ -839,6 +839,8 @@ static short switch_xml_internal_dtd(switch_xml_root_t root, char *s, switch_siz
if (!*s) if (!*s)
break; break;
else if (!strncmp(s, "<!ENTITY", 8)) { /* parse entity definitions */ else if (!strncmp(s, "<!ENTITY", 8)) { /* parse entity definitions */
int use_pe;
c = s += strspn(s + 8, SWITCH_XML_WS) + 8; /* skip white space separator */ c = s += strspn(s + 8, SWITCH_XML_WS) + 8; /* skip white space separator */
n = s + strspn(s, SWITCH_XML_WS "%"); /* find name */ n = s + strspn(s, SWITCH_XML_WS "%"); /* find name */
*(s = n + strcspn(n, SWITCH_XML_WS)) = ';'; /* append ; to name */ *(s = n + strcspn(n, SWITCH_XML_WS)) = ';'; /* append ; to name */
@ -849,10 +851,11 @@ static short switch_xml_internal_dtd(switch_xml_root_t root, char *s, switch_siz
continue; continue;
} }
for (i = 0, ent = (*c == '%') ? pe : root->ent; ent[i]; i++); use_pe = (*c == '%');
for (i = 0, ent = (use_pe) ? pe : root->ent; ent[i]; i++);
sstmp = (char **) switch_must_realloc(ent, (i + 3) * sizeof(char *)); /* space for next ent */ sstmp = (char **) switch_must_realloc(ent, (i + 3) * sizeof(char *)); /* space for next ent */
ent = sstmp; ent = sstmp;
if (*c == '%') if (use_pe)
pe = ent; pe = ent;
else else
root->ent = ent; root->ent = ent;