[PATCH] msxml3: Duplicate stylesheet document before passing it to libxslt
Nikolay Sivov
nsivov at codeweavers.com
Tue Jan 31 05:47:44 CST 2017
Signed-off-by: Nikolay Sivov <nsivov at codeweavers.com>
---
Attempt to preserve a document doesn't always work, leading to
occasional double-free or use-after-free.
dlls/msxml3/node.c | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/dlls/msxml3/node.c b/dlls/msxml3/node.c
index ccecaa8cbb..c5a180b47b 100644
--- a/dlls/msxml3/node.c
+++ b/dlls/msxml3/node.c
@@ -1320,6 +1320,7 @@ HRESULT node_transform_node_params(const xmlnode *This, IXMLDOMNode *stylesheet,
{
#ifdef SONAME_LIBXSLT
xsltStylesheetPtr xsltSS;
+ xmlDocPtr sheet_doc;
HRESULT hr = S_OK;
xmlnode *sheet;
@@ -1331,8 +1332,9 @@ HRESULT node_transform_node_params(const xmlnode *This, IXMLDOMNode *stylesheet,
sheet = get_node_obj(stylesheet);
if(!sheet) return E_FAIL;
- xsltSS = pxsltParseStylesheetDoc(sheet->node->doc);
- if(xsltSS)
+ sheet_doc = xmlCopyDoc(sheet->node->doc, 1);
+ xsltSS = pxsltParseStylesheetDoc(sheet_doc);
+ if (xsltSS)
{
const char **xslparams = NULL;
xmlDocPtr result;
@@ -1377,11 +1379,11 @@ HRESULT node_transform_node_params(const xmlnode *This, IXMLDOMNode *stylesheet,
hr = node_transform_write_to_bstr(xsltSS, result, p);
xmlFreeDoc(result);
}
- /* libxslt "helpfully" frees the XML document the stylesheet was
- generated from, too */
- xsltSS->doc = NULL;
+
pxsltFreeStylesheet(xsltSS);
}
+ else
+ xmlFreeDoc(sheet_doc);
if(!*p) *p = SysAllocStringLen(NULL, 0);
--
2.11.0
More information about the wine-patches
mailing list