
epub: free the ncx toc attribute string in get_toc_file_name #722

Open
maxheise wants to merge 1 commit into linuxmint:master from maxheise:epub-free-toc-ncx-attribute

@maxheise

Hello,

This frees a small string that get_toc_file_name() in the EPUB backend
leaks on its success path.

get_toc_file_name() reads the spine's "toc" attribute with
xml_get_data_from_node(spine, XML_ATTRIBUTE, ...), which calls
xmlGetProp() and returns a freshly allocated copy that the caller must
release with xmlFree(). The value (ncx) is used once, to match the
manifest item id, and is then never freed: the success path returns the
toc file name without releasing ncx. (On the ncx == NULL path no ncx
string was allocated.) get_toc_file_name() runs once per load from
setup_document_index() for documents that carry an NCX toc, so the leak
happens on ordinary loads of such documents.

Free ncx with xmlFree() right after its last use. xmlFree() matches the
xmlGetProp() allocation.

Best regards,
Max

get_toc_file_name() in backend/epub/epub-document.c reads the spine's
"toc" attribute into a local xmlChar *ncx:

    xmlChar *ncx = xml_get_data_from_node(spine, XML_ATTRIBUTE,
                                          (xmlChar*)"toc");

xml_get_data_from_node() in XML_ATTRIBUTE mode calls xmlGetProp(), which
returns a freshly allocated copy of the attribute value that the caller
owns and must release with xmlFree(). The value is used once, as the id
to match in

    xml_parse_children_of_node(manifest, (xmlChar*)"item",
                               (xmlChar*)"id", ncx);

and is then never freed: the success path returns tocfilename without
releasing ncx, so the copy is leaked. (On the ncx == NULL path no ncx
string was allocated.) get_toc_file_name() is called once per load from
setup_document_index() for documents that carry an NCX toc, so the leak
happens on ordinary loads of such documents.

Free ncx with xmlFree() immediately after its last use. xmlFree() is the
deallocator that matches xmlGetProp().
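
The ownership rule described above, as an added example that is not the PR's diff or the project's code: `attr_get_copy()` and `attr_free()` are hypothetical stand-ins for xmlGetProp() and xmlFree() that track outstanding copies, so the leak on the success path can be counted without libxml2. The manifest is constructed, and the lookup returns a pointer into it rather than building a toc file name.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins for xmlGetProp()/xmlFree() that track live copies. */
#define MAX_LIVE 8
static char *live[MAX_LIVE];
static int live_count(void) {
    int n = 0;
    for (int i = 0; i < MAX_LIVE; i++) n += (live[i] != NULL);
    return n;
}
static char *attr_get_copy(const char *value) {   /* caller owns the result */
    for (int i = 0; value != NULL && i < MAX_LIVE; i++)
        if (live[i] == NULL && (live[i] = malloc(strlen(value) + 1)) != NULL)
            return strcpy(live[i], value);
    return NULL;                       /* attribute absent or no copy made */
}
static void attr_free(char *p) {                  /* matching deallocator */
    for (int i = 0; p != NULL && i < MAX_LIVE; i++)
        if (live[i] == p) { live[i] = NULL; free(p); return; }
}

/* Constructed manifest: item id -> href. */
static const char *manifest[][2] = { {"cover", "cover.xhtml"}, {"ncx", "toc.ncx"} };
static const char *find_href(const char *id) {
    for (size_t i = 0; i < sizeof manifest / sizeof manifest[0]; i++)
        if (strcmp(manifest[i][0], id) == 0) return manifest[i][1];
    return NULL;
}
/* Before: the copy is used once for the lookup and never released. */
static const char *toc_href_leaky(const char *spine_toc) {
    char *ncx = attr_get_copy(spine_toc);
    return ncx ? find_href(ncx) : NULL;           /* ncx is lost here */
}
/* After: release the copy right after its last use. */
static const char *toc_href_fixed(const char *spine_toc) {
    char *ncx = attr_get_copy(spine_toc);
    const char *href = ncx ? find_href(ncx) : NULL;
    attr_free(ncx);                               /* no-op when ncx is NULL */
    return href;
}
int main(void) {
    toc_href_fixed("ncx");
    printf("live copies after fixed lookup: %d\n", live_count());
    toc_href_leaky("ncx");
    printf("live copies after leaky lookup: %d\n", live_count());
    return 0;
}
```

Against the real code base, the same count is what a leak checker such as Valgrind or LeakSanitizer reports for the xmlGetProp() allocation.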