| author | Tom Lane <tgl@sss.pgh.pa.us> | 2011-05-28 12:36:04 -0400 | 
|---|---|---|
| committer | Tom Lane <tgl@sss.pgh.pa.us> | 2011-05-28 12:36:30 -0400 | 
| commit | ab7c5a90828472c2261048a7195ab9218b55e296 (patch) | |
| tree | e9d477b5899590479a6c3ee8415889e51a920284 /src | |
| parent | 722548e4309c28631ada292fe6cad04ae8f9c151 (diff) | |

Fix null-dereference crash in parse_xml_decl().

parse_xml_decl's header comment says you can pass NULL for any unwanted
output parameter, but it failed to honor this contract for the "standalone"
flag.  The only currently-affected caller is xml_recv, so the net effect is
that sending a binary XML value containing a standalone parameter in its
xml declaration would crash the backend.  Per bug #6044 from Christopher
Dillard.

In passing, remove useless initializations of parse_xml_decl's output
parameters in xml_parse.

Back-patch to 8.3, where this code was introduced.

Diffstat (limited to 'src')
| -rw-r--r-- | src/backend/utils/adt/xml.c | 10 | 
1 files changed, 6 insertions, 4 deletions
| diff --git a/src/backend/utils/adt/xml.c b/src/backend/utils/adt/xml.c index eaf5b4d5502..0c0d3554c32 100644 --- a/src/backend/utils/adt/xml.c +++ b/src/backend/utils/adt/xml.c @@ -1067,13 +1067,15 @@ parse_xml_decl(const xmlChar *str, size_t *lenp,  		if (xmlStrncmp(p, (xmlChar *) "'yes'", 5) == 0 ||  			xmlStrncmp(p, (xmlChar *) "\"yes\"", 5) == 0)  		{ -			*standalone = 1; +			if (standalone) +				*standalone = 1;  			p += 5;  		}  		else if (xmlStrncmp(p, (xmlChar *) "'no'", 4) == 0 ||  				 xmlStrncmp(p, (xmlChar *) "\"no\"", 4) == 0)  		{ -			*standalone = 0; +			if (standalone) +				*standalone = 0;  			p += 4;  		}  		else @@ -1217,8 +1219,8 @@ xml_parse(text *data, XmlOptionType xmloption_arg, bool preserve_whitespace,  		{  			int			res_code;  			size_t		count; -			xmlChar    *version = NULL; -			int			standalone = -1; +			xmlChar    *version; +			int			standalone;  			res_code = parse_xml_decl(utf8string,  									  &count, &version, NULL, &standalone); | 
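
Review bot: In the first hunk (parse_xml_decl, around line 1067), the NULL guard is added only at the two `*standalone` writes in the 'yes' and 'no' branches, and the change carries no regression test (the diffstat touches only xml.c). Since the header comment promises that any output parameter may be NULL, it is worth confirming that every other write through `standalone`, `version` and the remaining output pointers in this function is guarded the same way, and adding a test that reaches parse_xml_decl with a NULL `standalone` and a declaration containing `standalone='yes'`, which is the xml_recv case the commit message describes.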
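
Review bot: In the second hunk (xml_parse, around line 1217), dropping the initializers leaves `version` and `standalone` indeterminate unless parse_xml_decl assigns both on every return path, including when `res_code` reports an error. The lines shown in the first hunk assign `*standalone` only inside the 'yes' and 'no' branches, so the default has to come from code outside this diff. A one-line comment at the call site stating that parse_xml_decl sets its outputs on entry would make that dependency explicit; if it does not hold on some path, keep `version = NULL` and `standalone = -1`.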
