Attempt to catch reads from a buffer that is relocated

* src/xml.c (parse_region): Add assertion to ensure buffer text is not relocated while libxml2 is reading it. (Bug#24764)
2026-02-06 23:51:24 -08:00 · 2016-10-23 16:54:00 +03:00 · 2016-10-23 16:54:00 +03:00 · 9afea93ed5
commit 9afea93ed5
parent b8e8e15288
1 changed files with 9 additions and 2 deletions
--- a/src/xml.c
+++ b/src/xml.c
@ -181,6 +181,7 @@ parse_region (Lisp_Object start, Lisp_Object end, Lisp_Object base_url,
  Lisp_Object result = Qnil;
  const char *burl = "";
  ptrdiff_t istart, iend, istart_byte, iend_byte;
+  unsigned char *buftext;

  xmlCheckVersion (LIBXML_VERSION);

@ -200,18 +201,24 @@ parse_region (Lisp_Object start, Lisp_Object end, Lisp_Object base_url,
      burl = SSDATA (base_url);
    }

+  buftext = BYTE_POS_ADDR (istart_byte);
  if (htmlp)
-    doc = htmlReadMemory ((char *) BYTE_POS_ADDR (istart_byte),
+    doc = htmlReadMemory ((char *)buftext,
 			  iend_byte - istart_byte, burl, "utf-8",
 			  HTML_PARSE_RECOVER|HTML_PARSE_NONET|
 			  HTML_PARSE_NOWARNING|HTML_PARSE_NOERROR|
 			  HTML_PARSE_NOBLANKS);
  else
-    doc = xmlReadMemory ((char *) BYTE_POS_ADDR (istart_byte),
+    doc = xmlReadMemory ((char *)buftext,
 			 iend_byte - istart_byte, burl, "utf-8",
 			 XML_PARSE_NONET|XML_PARSE_NOWARNING|
 			 XML_PARSE_NOBLANKS |XML_PARSE_NOERROR);

+  /* If the assertion below fails, malloc was called inside the above
+     libxml2 functions, and ralloc.c caused relocation of buffer text,
+     so we could have read from unrelated memory.  */
+  eassert (buftext == BYTE_POS_ADDR (istart_byte));
+
  if (doc != NULL)
    {
      Lisp_Object r = Qnil;