ASAN/valgrind errors in connect.misc test

accessing freed memory. Before XMLCOL::WriteColumn() Tdbp->Clist gets assigned a nodelist in Clist = RowNode->SelectNodes(g, Colname, Clist); which is RowNode->Doc->Xop->nodesetval. In XMLCOL::WriteColumn() ValNode = ColNode->SelectSingleNode(g, Xname, Vxnp); calls LIBXMLDOC::GetNodeList() again, which frees the previous XPath object Xop and replaces it with a new one. In this case RowNode->Doc == ColNode->Doc, so Clist->Listp points to a freed memory now.
2022-01-29 13:42:38 +01:00 · 2022-01-29 13:42:38 +01:00 · 8afcda9309
commit 8afcda9309
parent 5e5feb84b6
1 changed files with 3 additions and 0 deletions
--- a/storage/connect/tabxml.cpp
+++ b/storage/connect/tabxml.cpp
@ -1803,6 +1803,9 @@ void XMLCOL::WriteColumn(PGLOBAL g)
    else if (Tdbp->Clist)
      ColNode = NULL;

+    // refresh CList in case its Listp was freed in SelectSingleNode above
+    if (Tdbp->Clist)
+      Tdbp->RowNode->SelectNodes(g, Tdbp->Colname, Tdbp->Clist);
    } // endfor i

  /*********************************************************************/